ClawHub

DingTalk Channel Setup

v1.0.0

钉钉企业内部机器人渠道快速对接。Use when: 用户需要对接钉钉渠道、配置钉钉 Stream 模式、排查钉钉消息问题。NOT for: 飞书/Lark、企业微信等其他平台。

0· 1.1k·13 current·15 all-time
by@shaoyunhao0107
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (DingTalk channel setup) match the instructions: installing a dingtalk OpenClaw plugin, adding it to ~/.openclaw/openclaw.json, and supplying DingTalk AppKey/AppSecret. No unrelated credentials, binaries, or unexpected capabilities are requested.
Instruction Scope
SKILL.md instructs only installation of the plugin, editing OpenClaw config, restarting the gateway, and basic troubleshooting (checking gateway status, logs, plugin directory). Those file paths and commands (openclaw, ~/.openclaw/openclaw.json, extension directory) are directly relevant to the stated task and are not overly broad.
Install Mechanism
The skill is instruction-only (no code), but it instructs using `openclaw plugins install @soimy/dingtalk` which will fetch and install an npm-scoped plugin. Installing a third-party plugin runs code obtained from the npm registry (or a mirror). This is expected for a plugin-based setup but is a downstream trust/risk consideration; the SKILL.md itself does not use obscure download URLs.
Credentials
The only sensitive inputs are the expected DingTalk credentials (Client ID/AppKey and Client Secret) used to configure the channel. No unrelated secrets or system credentials are requested. The guide suggests setting HTTP(S)_PROXY and NPM_CONFIG_REGISTRY for installation, which is normal for users behind proxies.
Persistence & Privilege
The skill does not request elevated or persistent platform privileges. always is false and the instructions only modify the skill's own OpenClaw config (~/.openclaw/openclaw.json) and extension directory, which is appropriate for adding a channel plugin.
Assessment
This guide is coherent for setting up a DingTalk channel. Before proceeding: (1) verify you trust the npm package @soimy/dingtalk and its upstream repository (review code or repository reputation) because installing the plugin will execute third-party code; (2) back up ~/.openclaw/openclaw.json before automated scripts modify it; (3) treat Client ID/Client Secret as sensitive—do not share them or paste them into public locations; (4) prefer official registries or verify the mirror you use (npmmirror) and any proxy settings to avoid supply-chain/Man-in-the-Middle risks. If you cannot verify the plugin source, consider inspecting the plugin package contents after installation before enabling it.

Like a lobster shell, security has layers — review code before you run it.

latestvk975vb1fmagrh70aawg06ng13d82kxqy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💬 Clawdis
Binsopenclaw

Comments