ClawHub

Dida365 滴答清单 (Open API)

v1.0.0

滴答清单 (Dida365) API 集成,支持自建 OAuth 认证。管理任务和项目。 当用户想要在滴答清单中创建、更新、完成或组织任务和项目时使用此 Skill。 需要用户在 developer.dida365.com 创建应用并配置 DIDA365_CLIENT_ID、DIDA365_CLIENT_SECR...

0· 60·0 current·0 all-time
by@imchongliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the required environment variables (DIDA365_CLIENT_ID, DIDA365_CLIENT_SECRET) and the SKILL.md exclusively documents OAuth + API calls to dida365 endpoints — the requested secrets are exactly what an OAuth integration needs.
Instruction Scope
Instructions are limited to: creating a developer app, running a local temporary HTTP listener for OAuth callback, exchanging code for an access token, saving the token to ~/.config/dida365/token, and making API requests with that token. They do not ask to read unrelated system files, other credentials, or to exfiltrate data to third-party endpoints.
Install Mechanism
No install spec or external downloads — this is instruction-only. Nothing will be written to disk by an installer beyond the token file the script itself creates under the user's home directory.
Credentials
Only DIDA365_CLIENT_ID and DIDA365_CLIENT_SECRET are required, which are proportionate for an OAuth integration. The skill also stores an access token in ~/.config/dida365/token (documented) — expected for this workflow.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). The skill does not request system-wide config changes or access to other skills' settings; it only writes/reads its own token file.
Assessment
This skill is internally consistent for integrating with Dida365, but take these practical precautions before installing: 1) Only provide DIDA365_CLIENT_ID and DIDA365_CLIENT_SECRET if you trust the skill source — this package has no homepage/source URL in the metadata. 2) The OAuth flow stores a long-lived access token (~180 days) at ~/.config/dida365/token; protect that file (permissions are set to 600 in the example) and do not commit it to version control. 3) Because there is no refresh token, you will need to re-authorize when the token expires. 4) The runtime instructions will cause the agent (or you running the snippet) to open a browser and start a local listener on 127.0.0.1:36500 — ensure that port/redirect URI are acceptable for you. 5) Avoid pasting client secrets or access tokens into third-party chats; if you are unsure of the registry publisher (owner ID present but no homepage), consider manually following the SKILL.md steps yourself rather than granting the agent autonomous access. If you want higher assurance, request a skill package with a verifiable source or an install spec from an official repository.

Like a lobster shell, security has layers — review code before you run it.

latestvk974kxd2ktpf5tgcaxygz1dmrn83rsz6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvDIDA365_CLIENT_ID, DIDA365_CLIENT_SECRET

Comments