Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DingTalk Bridge

v1.0.0

DingTalk group chat bridge for Claude Code. Send markdown/text messages to DingTalk groups, receive @mentions and auto-execute via Claude CLI, run a 24/7 Str...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mguozhen/dingtalk-bridge.

Install the skill "DingTalk Bridge" (mguozhen/dingtalk-bridge) from ClawHub.
Skill page: https://clawhub.ai/mguozhen/dingtalk-bridge
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install dingtalk-bridge

ClawHub CLI

npx clawhub@latest install dingtalk-bridge

Security Scan

Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Pending
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The skill's code and SKILL.md clearly require DINGTALK_APP_KEY and DINGTALK_APP_SECRET and a claude binary to auto-execute prompts, but the registry metadata declared no required environment variables or primary credential. That registry omission is an incoherence: anyone installing this needs to supply DingTalk credentials and may choose a claude CLI — those should be declared. The included install script and files align with the stated purpose (DingTalk bridge), so the overall capability matches the description, but metadata is inconsistent.
! Instruction Scope
Runtime instructions and the implementation instruct the agent to receive @mentions and execute the message text via subprocess.run invoking the claude CLI. The subprocess call uses --dangerously-skip-permissions and env=os.environ and runs in a configurable workdir. That gives the bridged prompts broad potential access (model permission bypass + full environment + filesystem under workdir). The SKILL.md does not highlight the security implications of auto-executing arbitrary group messages or of the permission-bypass flag.
Install Mechanism
Installer is an included shell script (install.sh) that pip-installs packages from PyPI (dingtalk_stream, websockets) — expected for this purpose. The script can create a macOS LaunchAgent (writes to ~/Library/LaunchAgents and calls launchctl) to run the bot 24/7. Installing dependencies from PyPI is normal but carries standard supply-chain risk; the LaunchAgent creation is a persistent change to the user's environment and should be opted into consciously.
! Credentials
The code expects DingTalk App Key/Secret (DINGTALK_APP_KEY, DINGTALK_APP_SECRET), DINGTALK_WORKDIR, DINGTALK_CLAUDE_BIN, etc., but the skill registry declared none. More importantly, the bot runs the claude process with env=os.environ, which exposes the subprocess to all environment variables (including potentially sensitive credentials). Combined with --dangerously-skip-permissions, this is disproportionate unless carefully constrained (explicitly declared and limited).
! Persistence & Privilege
The installer offers to create a LaunchAgent so the bot runs continuously (24/7). That's user-visible persistence (not forced by always:true), but when combined with the auto-execute behavior and permission bypass flag it significantly increases blast radius: an attacker able to post to a bridged group could cause repeated autonomous invocations that run with the process environment and workdir. The skill does not modify other skills' configs.
What to consider before installing
This skill implements exactly the described bridge (send messages; auto-execute @mentions), but there are important security trade-offs you should understand before installing:

  • The registry metadata omits required env vars: the code requires DINGTALK_APP_KEY and DINGTALK_APP_SECRET. Treat those like any API secret.
  • The Stream bot will execute incoming @mention text by calling your local 'claude' CLI. The implementation uses the flag --dangerously-skip-permissions and passes env=os.environ, which gives the invoked process broad access to environment variables and (depending on the claude CLI) possibly the filesystem and network. In short: messages from group chats can trigger a powerful, potentially privileged operation.
  • The installer can create a macOS LaunchAgent for continuous operation. Only enable that if you fully trust the group(s) that can @mention the bot and after you harden configuration.

Recommended mitigations before installing:

  1. Audit the code (especially stream_bot.py) and remove or replace the --dangerously-skip-permissions flag unless you understand the implications.
  2. Set claude_bin to a wrapper that enforces limits (e.g., run claude in a constrained environment/container or with a restricted user). Do not run the bot as root.
  3. Explicitly set DINGTALK_WORKDIR to a directory with no sensitive files and not your home directory or any repo with secrets.
  4. Avoid enabling LaunchAgent until you validate behavior interactively. If you enable it, ensure the plist's WorkingDirectory and PATH are as restrictive as possible.
  5. Limit which DingTalk groups/users can mention the bot (use DingTalk group membership controls) and do not add it to public/untrusted groups.
  6. Consider removing env=os.environ in subprocess.run or filtering the environment passed to claude to only what is needed.
  7. Because registry metadata omitted required credentials, ask the skill author to correct the manifest to list required env vars and document the risk of auto-execution.

If you do not trust the bot's code or the groups that will mention it, do not install. If you need to run it, run it in an isolated VM/container and review and harden the code as noted.
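
One way to apply mitigations 1, 3 and 6 in Python, added here as an example and not taken from the skill's stream_bot.py. The function names, the allowlist contents and the rule that rejects prompts beginning with "-" are assumptions; only the `claude -p "<message>" --continue` call shape and the flag being dropped come from this page.

```python
import os
import subprocess
from pathlib import Path

# Assumption: the only variables the child needs. Extend deliberately, e.g. with
# the credential variable your claude CLI setup requires; never pass os.environ.
ENV_ALLOWLIST = ("PATH", "HOME", "LANG", "LC_ALL", "TERM")


def build_child_env(parent_env, allow=ENV_ALLOWLIST):
    """Copy only allowlisted variables, so DINGTALK_APP_SECRET and other
    secrets in the bot's environment never reach the child process."""
    return {k: parent_env[k] for k in allow if k in parent_env}


def check_workdir(workdir, home):
    """Reject a workdir that is the home directory or any ancestor of it ('/' included)."""
    wd, hm = Path(workdir).resolve(), Path(home).resolve()
    if wd == hm or wd in hm.parents:
        raise ValueError(f"workdir {wd} exposes the home directory")
    return wd


def build_argv(claude_bin, prompt):
    """Same call shape the README describes, without --dangerously-skip-permissions."""
    prompt = prompt.strip()
    if not prompt:
        raise ValueError("empty prompt")
    if prompt.startswith("-"):
        # Chat text must not be parsed as a CLI option by the child.
        raise ValueError("prompt starts with '-'")
    return [claude_bin, "-p", prompt, "--continue"]


def run_prompt(prompt, workdir, claude_bin="claude", parent_env=None, timeout=300):
    """Run one @mention with a filtered environment, a vetted workdir and a timeout."""
    env = build_child_env(os.environ if parent_env is None else parent_env)
    cwd = check_workdir(workdir, env.get("HOME", str(Path.home())))
    return subprocess.run(build_argv(claude_bin, prompt), cwd=cwd, env=env,
                          capture_output=True, text=True, timeout=timeout)
```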

Like a lobster shell, security has layers — review code before you run it.

Tags: chatbot, china, dingtalk, latest, messaging, notification
57 downloads · 0 stars · 1 version · Updated 2w ago · v1.0.0 · MIT-0

DingTalk Bridge Skill

Bridges Claude Code with DingTalk group chat via the DingTalk Stream SDK + OpenAPI.

Capabilities

| Feature | Description |
|---|---|
| Send Markdown | Send rich markdown messages to a DingTalk group |
| Send Text | Send plain text messages |
| Stream Bot | 24/7 listener: receive @mentions, execute via claude -p, reply with results |
| Auto Conv Discovery | Conversation ID auto-saved on first @mention |
| Keepalive | 20s WebSocket ping prevents DingTalk 30-min timeout |
| Crash Recovery | Exponential backoff (5s to 60s) on disconnect |

Quick Start

1. Install

bash "$CLAUDE_SKILL_DIR/scripts/install.sh"

The script will:

  • Install Python dependencies (dingtalk_stream, websockets)
  • Prompt for your DingTalk App Key & Secret (or read from env)
  • Generate config.json
  • Create data/ directory for conversation state
  • Optionally create a macOS LaunchAgent for 24/7 operation

2. Configure

Set credentials via environment variables (recommended):

export DINGTALK_APP_KEY="your_app_key"
export DINGTALK_APP_SECRET="your_app_secret"
export DINGTALK_WORKDIR="/path/to/your/project"  # optional

Or edit config.json in the skill directory (see config.example.json).

3. Get Conversation ID

The bot needs a conversation ID to send messages. Two ways:

Auto (recommended): Start the Stream bot, then @mention it in a DingTalk group. The conv ID is saved automatically.

Manual: If you already have the openConversationId and robotCode:

mkdir -p "$CLAUDE_SKILL_DIR/data"
echo '{"openConversationId":"YOUR_ID","robotCode":"YOUR_ROBOT_CODE"}' > "$CLAUDE_SKILL_DIR/data/conv.json"

Commands

Send a message

# Markdown (default)
python3 "$CLAUDE_SKILL_DIR/src/send.py" "**Bold** message with markdown"

# With custom title
python3 "$CLAUDE_SKILL_DIR/src/send.py" --title "Alert" "Server is down!"

# Plain text
python3 "$CLAUDE_SKILL_DIR/src/send.py" --text "Plain text message"

Start the Stream Bot

python3 "$CLAUDE_SKILL_DIR/src/stream_bot.py"

The bot will:

  1. Connect to DingTalk via Stream protocol
  2. Listen for all @mentions in groups where the bot is added
  3. Execute the message content via claude -p "<message>" --continue
  4. Reply with the result as a markdown message

Use as Python module

import sys
sys.path.insert(0, "/path/to/dingtalk-bridge/src")
from send import send_markdown, send_text

send_markdown("Daily Report", "**Sent:** 50\n**Opened:** 18\n**Clicked:** 7")
send_text("Simple notification")

Configuration Reference

| Config Key | Env Var | Default | Description |
|---|---|---|---|
| app_key | DINGTALK_APP_KEY | (required) | DingTalk App Key |
| app_secret | DINGTALK_APP_SECRET | (required) | DingTalk App Secret |
| conv_file | DINGTALK_CONV_FILE | <skill>/data/conv.json | Conversation metadata path |
| workdir | DINGTALK_WORKDIR | cwd | Working directory for claude CLI |
| claude_bin | DINGTALK_CLAUDE_BIN | claude | Path to claude binary |
| max_reply | DINGTALK_MAX_REPLY | 3000 | Max reply length (chars) |
| keepalive | DINGTALK_KEEPALIVE | 20 | WebSocket keepalive interval (seconds) |

DingTalk App Setup (Prerequisites)

  1. Go to DingTalk Open Platform
  2. Create an Enterprise Internal App (企业内部应用)
  3. Enable Robot capability (机器人)
  4. Set message receive mode to Stream (Stream 模式)
  5. Copy the App Key and App Secret
  6. Add the bot to a group chat

Running Tests

python3 "$CLAUDE_SKILL_DIR/tests/test_dingtalk.py"

Architecture

dingtalk-bridge/
├── SKILL.md              # This file
├── config.example.json   # Example configuration
├── config.json           # Your config (gitignored)
├── data/
│   └── conv.json         # Auto-saved conversation metadata
├── src/
│   ├── __init__.py
│   ├── config.py         # Config loader (env > file > defaults)
│   ├── send.py           # Send messages (OpenAPI)
│   └── stream_bot.py     # Stream bot (receive + execute + reply)
├── scripts/
│   └── install.sh        # One-command setup
└── tests/
    └── test_dingtalk.py  # Regression tests
