钉钉宜搭开发助手
v1.0.1钉钉宜搭低代码开发助手。用于创建表单和自定义页面、编写 JS 动作面板、使用 JS-API、配置数据源、设计流程自动化。适用于宜搭表单开发、JS 代码调试、API 集成等场景。
⭐ 2· 395·0 current·0 all-time
bykuma@yize
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description (Yida/DingTalk low-code dev helper) align with the provided content: component conventions, JS action panel APIs, formulas, integrations, TodoMVC tutorial and troubleshooting. The skill does not request unrelated binaries, env vars, or config paths.
Instruction Scope
SKILL.md and references are documentation and runtime examples for Yida pages and data sources only. Examples include dynamic loading of external scripts (e.g., g.alicdn.com/vConsole and placeholder example.com URLs) and remote API endpoints for DingTalk; these are expected for this domain but worth noting because copying/executing those example external URLs in a runtime could run third-party code.
Install Mechanism
No install spec and no code files to write or execute. Instruction-only skills are lowest-risk from an install perspective.
Credentials
No required environment variables, binaries, or credentials are declared or accessed. References to DingTalk/Open API usage are documented but the skill does not request keys itself.
Persistence & Privilege
always is false and the skill is user-invocable/autonomous-invocation-enabled (default). It does not request elevated persistent privileges or modify other skills' config.
Assessment
This package is documentation-only and internally consistent with a Yida (钉钉宜搭) development helper. It does not ask for credentials or install code, so the immediate risk is low. Things to consider before installing/using: (1) origin unknown / no homepage listed — prefer skills from known publishers or with a homepage if you require traceability; (2) some examples show dynamically loading external scripts (g.alicdn.com and example.com placeholders) and remote API endpoints — do not blindly copy third-party URLs into production pages; verify any external script host and avoid loading untrusted scripts; (3) when you integrate with real DingTalk/Yida OpenAPI or AI nodes you will need platform credentials — supply those only to trusted code and follow your org's secret-management practices. If you want higher assurance, ask the publisher for a homepage, source link, or provenance information.Like a lobster shell, security has layers — review code before you run it.
latestvk97cnaetvxdkas8db7ewjs41dn82bq27
License
MIT-0
Free to use, modify, and redistribute. No attribution required.