ClawHub

Dingtalk Bitable

v1.0.0

钉钉多维表格 API 集成 - 表格管理、数据 CRUD。Use when: user asks about DingTalk bitable, table, database, spreadsheet.

0· 102·0 current·0 all-time
by码丁@cxwos
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, manifest and Python code all implement DingTalk Bitable operations (list apps, meta, fields, records, CRUD, field management). The requested network access is only to api.dingtalk.com and matches the stated purpose.
Instruction Scope
SKILL.md instructions and tool signatures align with the implementation. The runtime will read credentials from environment variables (DINGTALK_CLIENT_ID/DINGTALK_CLIENT_SECRET) or from a local config (~/.openclaw/openclaw.json); this file access is documented in SKILL.md but not surfaced in registry metadata.
Install Mechanism
No installer or external downloads. Runtime is Python with the requests dependency (declared in manifest). No extraction or remote code execution beyond calling DingTalk APIs.
Credentials
The skill requires DingTalk credentials (appKey/appSecret) to obtain access tokens, which is proportional to its functionality. However, the registry metadata did not declare required env vars or config paths; the skill will instead read DINGTALK_CLIENT_ID/DINGTALK_CLIENT_SECRET or ~/.openclaw/openclaw.json. Confirm you are comfortable granting access to those credentials.
Persistence & Privilege
always is false and the skill does not request persistent/always-on privileges or modify other skills or system settings. It only reads its own config path and env vars.
Assessment
This skill appears to do what it says (DingTalk Bitable CRUD). Before installing: (1) ensure you provide valid DingTalk app credentials — the code reads DINGTALK_CLIENT_ID and DINGTALK_CLIENT_SECRET or ~/.openclaw/openclaw.json; these credentials are necessary and can access your DingTalk resources; (2) verify you trust the skill source because the registry metadata does not list those required credentials/config paths even though the code reads them; (3) if you want stricter auditing, run the tool in a constrained environment or review the dingtalk_bitable.py code yourself to confirm no additional endpoints/behavior are added.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jw58094pxmb0qxm2k8y9x58372y3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis

Comments