feishu-dingtalk-bridge
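v1.0.0
An enterprise collaboration hub that connects the Feishu/DingTalk open APIs to provide calendar sync, approval tracking, document parsing, and intelligent to-do distribution.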
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Feishu/DingTalk bridge for calendar/approvals/docs/tasks) match the declared required parameters and the actions in SKILL.md. Requiring an auth_token parameter is appropriate and expected for calling these platform APIs.
Instruction Scope
SKILL.md stays within scope: validate input, route to platform API logic (sync_calendar/fetch_approval/parse_doc/distribute_task), clean/filter data, and produce Markdown reports. It does not instruct reading unrelated system files or other credentials. Note: the doc asserts data is desensitized but does not include enforcement or storage instructions — that is an operational detail the runtime must implement correctly.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk by an installer (lowest install risk).
Credentials
The skill requires a single platform auth_token parameter (declared in schema and examples) which is proportionate to the stated purpose. No unrelated environment variables, secrets, or config paths are requested.
Persistence & Privilege
always:false and no install or persistence mechanisms. The skill does not request elevated/system-wide presence or modify other skills' configurations.
Assessment
This skill appears coherent, but it will receive and use your platform access token — only provide a least-privilege token (scoped to needed APIs) and avoid using a full-admin credential. Confirm the runtime implementation does not log or echo auth_token (examples explicitly forbid returning it). Because SKILL.md is instruction-only, verify the agent runtime actually enforces rate limits, data masking, and retention policies claimed in the docs. If you plan to run this in production, test with a separate account or restricted test app, rotate tokens after testing, and monitor network calls and outputs for accidental leakage of sensitive fields.
Like a lobster shell, security has layers — review code before you run it.
latest
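🌐 Feishu-DingTalk Collaboration Hub
🎯 Core Positioning
Turns enterprise IM, approval, calendar, and document APIs into structured workflows, automatically aggregating fragmented information and generating an actionable to-do list.
🔄 Workflow Instructions
- Validate the format of `platform` and `auth_token`; on failure, stop and point the user to the authorization path.
- Route by `action` to the corresponding API logic:
  - `sync_calendar`: pull the calendar for the specified period → conflict detection → output a timeline
  - `fetch_approval`: query approval flow status → timeout/rejection alerts → output handling recommendations
  - `parse_doc`: extract key passages from documents (contracts/minutes/SOPs) → structured summary
  - `distribute_task`: split tasks by role/department → generate dispatch templates
- Clean the returned data, filter out the fields marked for desensitization, and align with the enterprise field-mapping specification.
- Generate a Markdown report following the output template.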
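📤 Output Template
# 📅 Collaboration Workflow Execution Report
## 1. Data Aggregation Summary
| Module | Data Volume | Anomalies | Sync Status |
|:---|:---|:---|:---|
| Calendar/Approvals/Documents/Tasks | ... | ... | ✅/⚠️ |
## 2. Key Items List
| Item | Owner | Deadline | Current Status | Next Action |
|:---|:---|:---|:---|:---|
| ... | ... | ... | ... | ... |
## 3. Automation Recommendations
- Rule-matched items: ...
- Items requiring manual intervention: ...
- Recommended scheduling strategy: ...
> ⚠️ All API calls followed the platform's rate-limit policy. Sensitive data has been desensitized.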
