← Back to Skills Marketplace
renjicode

Keplerjai Dingtalk Attendance

by 任佶 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
65
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install keplerjai-dingtalk-attendance
Description
从钉钉开放平台获取员工考勤数据,并保存到本地或推送到指定渠道。
README (SKILL.md)

\r \r

钉钉考勤数据获取技能\r

\r

功能描述\r

定时从钉钉开放平台获取员工考勤数据,并保存到本地或推送到指定渠道。\r \r

配置步骤\r

\r

1. 钉钉开放平台配置\r

  1. 访问 https://open.dingtalk.com\r
  2. 创建企业内部应用\r
  3. 获取 AppKey 和 AppSecret\r
  4. 添加应用权限:\r
    • 考勤管理权限\r
    • 通讯录权限(获取员工信息)\r
  5. 企业管理员审批授权\r \r

2. 本地配置\r

复制 .env.example.env 并填写:\r

DINGTALK_APP_KEY=你的 AppKey\r
DINGTALK_APP_SECRET=你的 AppSecret\r
DINGTALK_AGENT_ID=应用的 agentId\r
OUTPUT_DIR=./data/attendance\r
OUTPUT_FORMAT=json\r
```\r
\r
执行规则:\r
- 仅使用技能目录下的 `.env` 读取凭证与输出配置。\r
- 不依赖 `config.json`。\r
- 若 `.env` 已存在且字段完整,直接执行,不要重复要求用户在对话中提供凭证。\r
\r
建议先做本地自检:\r
- 确认 `.env` 文件在本技能根目录,与 `index.js` 同级。\r
- 确认包含 `DINGTALK_APP_KEY` 和 `DINGTALK_APP_SECRET`。\r
- 确认从本技能目录执行 `node index.js`(避免在其他目录启动导致找错文件)。\r
\r
Windows PowerShell 示例:\r
```powershell\r
Copy-Item .env.example .env\r
node index.js\r
```\r
\r
macOS/Linux 示例:\r
```bash\r
cp .env.example .env\r
node index.js\r
```\r
\r
### 3. 安装依赖\r
```bash\r
npm install axios moment\r
```\r
\r
## 使用方法\r
\r
### 手动运行\r
```bash\r
cd keplerjai-dingtalk-attendance\r
node index.js\r
```\r
\r
### 定时任务(推荐)\r
在 OpenClaw 中配置 cron 任务,每天自动获取前一天的考勤数据。\r
\r
## 输出数据\r
- 打卡记录(JSON/CSV)\r
- 考勤日报/月报\r
- 异常考勤提醒\r
\r
## 注意事项\r
- API 调用有频率限制,建议定时获取而非实时\r
- 需要企业管理员授权\r
- 敏感数据请妥善保管\r
\r
## Agent 执行约定\r
- 先读取本技能目录下的 `.env` 再执行任务。\r
- 若缺少必要字段,仅提示“本地 `.env` 缺少必填项”,不要要求用户在聊天中粘贴密钥。\r
- 默认返回考勤结果与输出文件位置,不回显任何密钥值。\r
Usage Guidance
What to consider before installing/running: - This skill does require DingTalk credentials (DINGTALK_APP_KEY and DINGTALK_APP_SECRET, plus optional agent/app IDs) even though the registry metadata lists none — do not paste secrets into chat; store them only in the .env in the skill directory as instructed. - The repo includes Node and Python code. Review index.js, export_excel.py and any config.json before running. index.js will call DingTalk APIs and save data locally under data/attendance and data/excel. - The Python exporter will automatically attempt to pip-install openpyxl at runtime if not present (export_excel.py uses os.system('pip install openpyxl -q')). That causes network access and package installation — if you prefer control, pre-install dependencies yourself (pip install -r requirements.txt and npm install) and remove/disable the auto-install line. - SKILL.md and README are inconsistent: SKILL.md's npm install step omits dotenv (which index.js requires), and SKILL.md says it won't use config.json but index.js will read config.json as a fallback. Treat those as documentation bugs and verify actual behavior locally. - Run initially in an isolated environment (VM, container, or isolated project), as the code will perform network calls to oapi.dingtalk.com and may install packages from registries. - Verify that the application will only be given minimal DingTalk permissions required for the task and that the hosting environment has least privilege (don't run as root). Consider rotating credentials after initial tests. - If you need higher assurance: audit package-lock.json / package.json for dependencies, run 'npm audit' and 'pip audit' (or equivalent), and consider removing the auto-install behavior or pinning dependency versions before production use. Overall: the functionality matches the stated purpose, but the manifest/instructions inconsistencies and the runtime auto-install behavior make this suspicious rather than clearly benign. Inspect and run it in an isolated/test environment and address the documentation and install issues before trusting it with production credentials.
Capability Analysis
Type: OpenClaw Skill Name: keplerjai-dingtalk-attendance Version: 1.0.0 The skill bundle is designed to fetch DingTalk attendance data and generate Excel reports. It is classified as suspicious due to high-risk execution patterns, specifically the use of 'os.system' in 'export_excel.py' to automatically install Python dependencies and 'child_process.exec' in 'index.js' to run shell commands. While the 'index.js' script implements date validation to mitigate command injection, these behaviors represent significant security vulnerabilities. The 'SKILL.md' file contains well-defined instructions to prevent the AI agent from leaking API credentials (AppKey/AppSecret) into the chat interface, which is a positive security measure.
Capability Assessment
Purpose & Capability
The code (index.js, export_excel.py, summary.py) implements a DingTalk attendance fetcher and exporter which is coherent with the skill description. However the registry metadata claims 'Required env vars: none' and 'instruction-only', which is false: the code requires DINGTALK_APP_KEY / DINGTALK_APP_SECRET (and optionally agent/app IDs) and ships Node/Python code—metadata under-declares required credentials and files.
Instruction Scope
SKILL.md instructs the agent to read a .env in the skill directory and not to ask users to paste keys in chat. The code does read .env but also falls back to config.json (index.js loads fileConfig) despite SKILL.md saying '不依赖 config.json'. The runtime actions are limited to calling DingTalk APIs and writing local JSON/Excel files (expected), but the Python exporter will auto-install openpyxl if missing, which causes network activity and package installation at runtime beyond what's documented in SKILL.md.
Install Mechanism
No install spec is declared in the registry (instruction-only), yet the bundle contains package.json/package-lock and Python scripts. SKILL.md's npm install instruction is incomplete (it asks to install axios and moment but omits dotenv which index.js requires). export_excel.py runs os.system('pip install openpyxl -q') if openpyxl is missing — an automatic runtime pip install from PyPI. These inconsistencies and the implicit network installs raise moderate risk.
Credentials
The skill needs DingTalk credentials (AppKey/AppSecret, agentId/appId) to function, but the registry metadata lists no required env vars or primary credential. That mismatch is significant: the skill will require secrets to operate but the manifest does not declare them. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request elevated platform privileges or always:true. It writes output files under its own data/ directories and does not appear to modify other skills or global configuration. Autonomous invocation is enabled by default but not combined with other high-risk factors here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install keplerjai-dingtalk-attendance
  3. After installation, invoke the skill by name or use /keplerjai-dingtalk-attendance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of keplerjai-dingtalk-attendance. - Fetches employee attendance data from the DingTalk Open Platform. - Supports scheduled or manual data pulls, saving results locally or pushing to a specified channel. - Uses a `.env` file for credentials and configuration; no interactive credential requests. - Provides setup instructions, self-check guidelines, and output format options (JSON/CSV). - Includes guidance for both manual and automated (cron) execution. - Sensitive information is protected; credentials are not displayed in outputs.
Metadata
Slug keplerjai-dingtalk-attendance
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Keplerjai Dingtalk Attendance?

从钉钉开放平台获取员工考勤数据,并保存到本地或推送到指定渠道。 It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.

How do I install Keplerjai Dingtalk Attendance?

Run "/install keplerjai-dingtalk-attendance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Keplerjai Dingtalk Attendance free?

Yes, Keplerjai Dingtalk Attendance is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Keplerjai Dingtalk Attendance support?

Keplerjai Dingtalk Attendance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Keplerjai Dingtalk Attendance?

It is built and maintained by 任佶 (@renjicode); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments