ClawHub

Dingtalk Setup

v0.1.0

钉钉企业内部机器人渠道快速对接。Use when: 用户需要对接钉钉渠道、配置钉钉 Stream 模式、排查钉钉消息问题。NOT for: 飞书/Lark、企业微信等其他平台。

0· 452·1 current·2 all-time
by@shaoyunhao0107
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (DingTalk channel setup) match the runtime instructions: installing an OpenClaw dingtalk plugin, editing ~/.openclaw/openclaw.json, and configuring Client ID/Secret and optional fields. The single required binary is openclaw, which is appropriate.
Instruction Scope
Instructions stay within the scope of installing/configuring a channel and troubleshooting (editing openclaw.json, restarting gateway, checking logs). Note: the docs include an automated PowerShell script invocation and examples that pass ClientSecret on the command line; passing secrets as CLI args or storing them in plaintext config files can expose them (process lists, backups).
Install Mechanism
No install spec in the skill itself; user-facing instructions call openclaw plugins install @soimy/dingtalk (an OpenClaw/npm-based plugin). This is proportional and uses standard registries (registry.npmmirror.com or npm). No arbitrary downloads or obscure URLs in the SKILL.md.
Credentials
The skill declares no required env vars or credentials, which matches the content. However, examples in the docs contain concrete-looking clientId/clientSecret strings (likely illustrative) and the auto-setup script pattern requires secrets as parameters — both are operational privacy concerns but are consistent with the skill's purpose.
Persistence & Privilege
Skill is instruction-only, always:false, and does not request persistent elevated privileges or modify other skills' configurations beyond advising edits to the user's own ~/.openclaw/openclaw.json and plugin directory, which is expected for a channel plugin.
Assessment
This skill appears coherent for setting up a DingTalk channel. Before installing: (1) Verify the plugin repository (https://github.com/soimy/openclaw-channel-dingtalk) and inspect its code if possible; (2) avoid pasting real secrets into screenshots/public places or using example secrets shown in docs; prefer the interactive configure flow rather than supplying secrets on the command line (CLI args can be visible in process lists); (3) back up ~/.openclaw/openclaw.json before editing and consider storing secrets in a secure vault if your environment supports it; (4) only use trusted npm registries and avoid unknown proxies; (5) if you accidentally exposed credentials while testing, rotate them on the DingTalk Open Platform.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dg3t572y06ss2gz04399b3582jzh1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💬 Clawdis
Binsopenclaw

Comments