ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dingtalk Notify

v1.0.0

通过钉钉工作通知发送消息给指定用户。统一的消息推送渠道。 Use when: 需要发送钉钉工作通知、测试钉钉连通性、重试失败的钉钉消息、 发送文件到钉钉、切换钉钉机器人模型。Triggers: "钉钉通知", "钉钉推送", "发送钉钉", "dingtalk notify", "钉钉连通性", "钉钉测试",...

0· 68·1 current·1 all-time
by@m646pxhjf4-dot

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for m646pxhjf4-dot/dingtalk-notify.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Dingtalk Notify" (m646pxhjf4-dot/dingtalk-notify) from ClawHub.
Skill page: https://clawhub.ai/m646pxhjf4-dot/dingtalk-notify
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dingtalk-notify

ClawHub CLI

Package manager switcher

npx clawhub@latest install dingtalk-notify
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The described purpose (sending DingTalk work notifications) matches the commands in SKILL.md, but the skill bundle does not include or install the referenced scripts (~/.openclaw/workspace/scripts/*.sh) or declare any credentials; it assumes pre-existing local tooling without documenting it.
!
Instruction Scope
Runtime instructions explicitly invoke local shell scripts under the user's home directory and instruct sending arbitrary files (file path parameter). They also state OAuth2 auto-refresh and a local send-record path. Those instructions allow reading/transmitting local files and depend on token storage that is not described or controlled by the skill manifest.
Install Mechanism
No install spec (instruction-only). That lowers disk-write risk from this package itself, but it also means the skill relies on external scripts already present on disk—those scripts are not provided or audited here, which is a gap.
!
Credentials
SKILL.md references OAuth2 tokens and automatic refresh, yet the manifest declares no required environment variables or primary credential. It's unclear where credentials live or how they are protected; requesting/using OAuth tokens without documenting them is disproportionate and opaque.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills. However, instructions reference writing/reading files under ~/.openclaw/backups and running scripts in the user's home, which grants operational access to local data if those scripts are executed.
What to consider before installing
Before installing or enabling this skill: 1) Ask the author for the actual scripts (~/.openclaw/workspace/scripts/*.sh) and/or an install procedure; do not run unknown scripts. 2) Inspect those scripts' source to confirm where OAuth tokens are stored, what scopes/credentials they use, and whether they access unrelated files. 3) Confirm who controls the OAuth client/credentials and whether least-privilege scopes are enforced. 4) If you must test, run the scripts in a sandbox/container and avoid pointing them at sensitive files. 5) Prefer a skill package that includes its code or a documented, verifiable install step and explicit required env vars (e.g., DINGTALK_CLIENT_ID, DINGTALK_SECRET), or decline until the manifest and code align. If you cannot review the scripts and token storage, treat this as potentially risky and avoid granting it access to sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk970eanemdcy5eczb5p8gbjbpd84m437
68downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@m646pxhjf4-dot
latest
Download

DingTalk Notify

统一钉钉工作通知推送。

发送文本通知

~/.openclaw/workspace/scripts/dingtalk-work-notify.sh '[消息内容]' '106648074224033227'

userId: 106648074224033227(飞)

发送文件

# 增强版(支持多种文件类型)
~/.openclaw/workspace/scripts/dingtalk-send-file-enhanced.sh [文件路径] '106648074224033227'

# 简易版
~/.openclaw/workspace/scripts/dingtalk-send-file-simple.sh [文件路径] '106648074224033227'

连通性测试

~/.openclaw/workspace/scripts/dingtalk-work-notify.sh '🔔 连通性测试' '106648074224033227'

失败重试

# 自动重试未送达的消息
~/.openclaw/workspace/scripts/dingtalk-retry-send.sh

状态检查

# 检查钉钉服务状态
~/.openclaw/workspace/scripts/dingtalk-status.sh

认证方式

OAuth2 自动刷新,脚本自动处理 Token。

记录保存:所有发送记录保存在 ~/.openclaw/backups/notifications/send-record-YYYY-MM-DD.jsonl

Comments

Loading comments...