DingTalk OA Approval Tool

Result: Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent DingTalk approval integration, but it can use DingTalk app credentials to view and approve or reject real workplace requests.

Before installing, confirm you trust this skill with DingTalk OA access. Configure a dedicated least-privilege DingTalk app, store appSecret securely, avoid admin/shared user IDs where possible, and require clear confirmation before approving or rejecting any task.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly broad instruction could cause the assistant to approve or reject a real OA request.

Why it was flagged

The skill can perform approval decisions in DingTalk. This is disclosed and core to the purpose, but it changes real business workflow state.

Skill content
Execute approval: when calling `execute_approval_task`, you must pass in a task_id obtained from `get_pending_tasks` ... `action`: `"AGREE"` (approve) or `"REFUSE"` (reject)
Recommendation

Have the assistant show the target task details and get clear user confirmation before every agree/refuse action, especially for reimbursements, contracts, leave, or batch requests.

What this means

Anyone who can use the configured agent may be able to act through the configured DingTalk app/user permissions.

Why it was flagged

The skill requires DingTalk application credentials and delegated enterprise permissions. This is expected for the integration, but those credentials are sensitive and can carry broad account authority.

Skill content
Record the following information: AppKey ... AppSecret ... Add the following permissions: OA approval: `process`-related permissions ... Address book: `contact`-related permissions (used to fetch user information)
Recommendation

Use a dedicated least-privilege DingTalk app, avoid shared/admin credentials unless necessary, protect appSecret, and grant contact or holiday permissions only when the deployed workflow truly needs them.

What this means

Approval titles, applicant information, form contents, and vacation balance results may be visible in the chat/session where the skill is used.

Why it was flagged

The visible code sends credentials to DingTalk's token endpoint and queries DingTalk OA APIs. The destination is purpose-aligned and disclosed, but approval data will enter the agent's context.

Skill content
fetch("https://api.dingtalk.com/v1.0/oauth2/accessToken" ... body: JSON.stringify({ appKey: config.appKey, appSecret: config.appSecret })) ... fetch(`https://oapi.dingtalk.com/topapi/process/workrecord/task/query?access_token=${token}`
Recommendation

Use the skill only in trusted workspaces, avoid exposing transcripts containing sensitive HR or business approval data, and keep DingTalk configuration scoped to the intended user.