ClawHub

Dida365 Openapi

v1.0.0

基于滴答清单(Dida365)官方 OpenAPI 和 OAuth2 的任务管理 Skill,直连 dida365.com,不经过任何第三方服务,你的数据只在本地和滴答清单服务器之间传输。零第三方依赖,纯 Python 标准库实现。完整覆盖项目与任务的增删改查、完成、移动、筛选,支持标签、提醒、重复规则等丰富功能...

2· 199·2 current·2 all-time
by@workingcoder

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for workingcoder/dida365-openapi.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Dida365 Openapi" (workingcoder/dida365-openapi) from ClawHub.
Skill page: https://clawhub.ai/workingcoder/dida365-openapi
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: DIDA365_CLIENT_ID, DIDA365_CLIENT_SECRET
Required binaries: python
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dida365-openapi

ClawHub CLI

Package manager switcher

npx clawhub@latest install dida365-openapi
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise an OAuth2-backed CLI for Dida365 and the package includes an OAuth helper, an API client, HTTP layer, config persistence, and a CLI. The required env vars (DIDA365_CLIENT_ID and DIDA365_CLIENT_SECRET) are appropriate and expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python CLI which implements OAuth flows, project/task CRUD, and input validation. The CLI runs a local HTTP listener for the localhost OAuth callback and persists config and token files under ~/.config/dida365-openapi/. This behavior is expected for an OAuth CLI, but note the client_secret and access_token are persisted locally (config.json and token.json).
Install Mechanism
No install spec; code is pure Python and claims zero third-party dependencies and uses the standard library (urllib, http.server, etc.). No remote downloads or package installers are invoked by the skill bundle.
Credentials
The skill requires only DIDA365_CLIENT_ID and DIDA365_CLIENT_SECRET. The code also optionally reads other DIDA365_* env vars (e.g. DIDA365_REDIRECT_URI, DIDA365_ACCESS_TOKEN, DIDA365_AUTH_BASE_URL, DIDA365_API_BASE_URL) as documented in references; those are optional and sensible. Storing client_secret and access_token locally is implemented and the code redacts secrets when printing status, but the config/token files will contain sensitive values unless the user omits them.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It persists its own config and token files under an XDG config path (~/.config/dida365-openapi/) with file permission handling (path parent set to 0700 and token file to 0600 on non-Windows). It does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: a local Python CLI that calls the official Dida365 OpenAPI. Before installing, consider: 1) Only provide a Dida365 OAuth app's client_id/client_secret that you control or trust; the skill will persist client_secret and the access_token to ~/.config/dida365-openapi/config.json and token.json. 2) The CLI uses a localhost callback (defaults to http://127.0.0.1:36500/callback) — make sure that port is acceptable in your environment. 3) The skill does not auto-refresh tokens in v1, so reauthorization may be necessary when tokens expire. 4) Optional env vars (DIDA365_REDIRECT_URI, DIDA365_ACCESS_TOKEN, DIDA365_API_BASE_URL, etc.) are supported — review them if you plan to override defaults. If you need extra assurance, inspect the bundled scripts (they're included) or run the CLI audit commands (auth status) before using it with real account data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython
EnvDIDA365_CLIENT_ID, DIDA365_CLIENT_SECRET
latestvk974mx5an6n7qwpynx819h45pn83d1ef
199downloads
2stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@workingcoder
latest
Download

Dida365 OpenAPI

Overview

Use this skill to call the documented Dida365 OpenAPI surface through the bundled Python CLI. Prefer python scripts/dida365.py ... over ad hoc curl because the bundled CLI already handles OAuth, config loading, exact project-name resolution, structured errors, and every documented endpoint. Use Python 3.9 or newer.

The skill's default support surface is the documented API plus stable tested extensions that behaved consistently in real app/API round-trips:

  • task kind writes for TEXT and NOTE
  • task tags writes

Boundaries

This skill intentionally stays on the official Dida365 OpenAPI surface. It does not use browser-cookie private APIs.

That means the following are explicit non-goals here:

  • standalone tag catalog / CRUD operations outside task create or update writes
  • project folder / group operations
  • full-account sync from private endpoints
  • private batch task/project operations
  • achievement or productivity-stat calculations from private data

If a user asks for those, state that they are outside the official API-backed scope of this skill.

Quick Start

  1. Persist app config once:
    • python scripts/dida365.py auth setup --client-id ... --client-secret ... --redirect-uri ...
  2. Preferred OAuth path:
    • python scripts/dida365.py auth login-local --client-id ... --client-secret ...
    • Open the URL printed to stderr and finish the browser flow.
  3. Verify the connection:
    • python scripts/dida365.py project data --project-id inbox
  4. Read or write data:
    • python scripts/dida365.py project list
    • python scripts/dida365.py task create --project-id inbox --title "Example"
    • python scripts/dida365.py task completed --start-date ... --end-date ... to query completed tasks across all projects

Manual authorize-url / exchange-code flows remain supported; see references/auth-and-config.md when the localhost callback flow is not suitable.

Command Rules

  • Use auth for OAuth helpers, token cache inspection, and token cleanup.
  • Use project for project CRUD and project data reads.
  • Use task for task CRUD, complete, move, completed-task queries, and filter queries.
  • Use project data --project-id inbox for inbox reads. Do not use project get --project-id inbox.
  • Use --project-name only when the user gave a human-readable project name. Resolution is exact match only.
  • Use --json-file or --json when the payload contains arrays or nested objects such as items, reminders, bulk move operations, or advanced filter bodies.
  • Treat first-class flags as the final override layer. --json-file loads a base payload, --json overrides it, and scalar flags override both.
  • After write operations such as task create, task update, and task complete, prefer a read-back step when the stored result matters. Use task get to verify fields like reminders, repeatFlag, tags, and kind.
  • Stable task kind writes are TEXT and NOTE. Use checklist items instead of direct CHECKLIST kind writes.
  • task filter --tag-json uses any-match / OR semantics in real testing, not all-match semantics.
  • Unfiltered task filter responses are capped at 200 rows for this endpoint on the tested account. Narrow the query window or add filters when completeness matters.
  • Use the enum values, date format, confirmed reminder patterns, and confirmed recurrence patterns from references/api-reference.md. Do not invent undocumented values.
  • The CLI blocks known gray-area reminder and recurrence values. If a pattern is not listed as confirmed in references/api-reference.md, do not assume it is safe.
  • Expect JSON on stdout for every command. Commands that allow successful empty responses normalize them to {"ok": true}.
  • Expect structured JSON errors on stderr for validation failures and non-2xx API responses.

Auth And Config

  • Config precedence is CLI flags, then environment variables, then local files in ${XDG_CONFIG_HOME:-~/.config}/dida365-openapi/.
  • auth exchange-code and auth login-local persist config and token state; auth setup persists config without performing OAuth.
  • See references/auth-and-config.md for environment variables, local file locations, and localhost callback details.

Command Selection

  • Need the raw authorization link: use auth authorize-url.
  • Already have an OAuth code: use auth exchange-code.
  • Want the CLI to wait for the browser callback: use auth login-local.
  • Need to inspect current config or token state: use auth status.
  • Need to remove only the cached token: use auth clear-token.
  • Need inbox tasks or columns: use project data --project-id inbox.
  • Need one project by id or exact name: use project get.
  • Need tasks under a project plus columns: use project data.
  • Need today's tasks: use task filter with the local-day startDate / endDate window.
  • Need a weekly completion review: use task completed with a weekly date range and omit --project-id for an account-wide view.
  • Need an exact documented create/update payload: prefer --json-file.
  • Need a single move operation quickly: use task move --from-project-id ... --to-project-id ... --task-id ....
  • Need multiple move operations: use task move --json '[{...}, {...}]'.
  • Need completed tasks across all projects: omit --project-id from task completed.

References

Comments

Loading comments...