ClawHub

dingtalk-send-media

v1.0.1

发送钉钉媒体文件给用户或群聊。仅在用户明确要求把本地文件、截图、录音、视频、附件发送到钉钉,或当前上下文已明确是钉钉会话时使用。通过 `scripts/send_media.py` 执行,支持 image/voice/video/file 等。

0· 33·0 current·0 all-time
byAsh@shyzhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the skill provides a Python script that reads local file paths and sends them to DingTalk APIs. The account-detection logic (env vars, openclaw.json, bindings) is consistent with the stated goal of supporting multiple config sources.
Instruction Scope
SKILL.md limits use to explicit media-sending scenarios and instructs explicit invocation of scripts. The script reads ~/.openclaw/openclaw.json (or OPENCLAW_CONFIG) and several environment variables to locate DingTalk credentials — this is necessary for account detection, but it does mean the skill will load the user's OpenClaw config (which may contain other channel settings). The instructions do not ask to read unrelated files beyond that config.
Install Mechanism
No install spec; instruction-only plus a bundled Python script. No network-based installers, no external download URLs, and only standard-library Python usage are present in the package metadata and README.
Credentials
The env vars referenced (DINGTALK_CLIENTID, DINGTALK_CLIENTSECRET, DINGTALK_ROBOTCODE, OPENCLAW_AGENT_ID, OPENCLAW_ACCOUNT_ID, OPENCLAW_CONFIG, etc.) are relevant to DingTalk/OpenClaw operation. The skill does read the OpenClaw config file which can contain other channel credentials — this is explainable by the account autodetection feature, but users should be aware the script accesses that file if present.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request persistent installation or modify other skills; it is invoked explicitly per the SKILL.md guidance.
Assessment
This skill appears coherent and limited to sending local files to DingTalk. Before installing or allowing autonomous use: (1) review scripts/send_media.py yourself to confirm behavior, (2) be aware it will load ~/.openclaw/openclaw.json (or the path in OPENCLAW_CONFIG) to autodetect accounts — that file can include other credentials, so consider using DINGTALK_CLIENTID/DINGTALK_CLIENTSECRET env vars if you prefer not to expose the whole config, (3) confirm you trust the skill's source before letting it upload potentially sensitive files, and (4) avoid running it with elevated privileges or exposing unrelated secrets in the OpenClaw config.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cd34y7kcghdpnrcdd7wq25n84kjpn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📤 Clawdis
Any binpython, python3

Comments