← Back to Skills Marketplace
Dingtalk Notify
by
m646pxhjf4-dot
· GitHub ↗
· v1.0.0
· MIT-0
76
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install dingtalk-notify
Description
通过钉钉工作通知发送消息给指定用户。统一的消息推送渠道。 Use when: 需要发送钉钉工作通知、测试钉钉连通性、重试失败的钉钉消息、 发送文件到钉钉、切换钉钉机器人模型。Triggers: "钉钉通知", "钉钉推送", "发送钉钉", "dingtalk notify", "钉钉连通性", "钉钉测试",...
README (SKILL.md)
DingTalk Notify
统一钉钉工作通知推送。
发送文本通知
~/.openclaw/workspace/scripts/dingtalk-work-notify.sh '[消息内容]' '106648074224033227'
userId: 106648074224033227(飞)
发送文件
# 增强版(支持多种文件类型)
~/.openclaw/workspace/scripts/dingtalk-send-file-enhanced.sh [文件路径] '106648074224033227'
# 简易版
~/.openclaw/workspace/scripts/dingtalk-send-file-simple.sh [文件路径] '106648074224033227'
连通性测试
~/.openclaw/workspace/scripts/dingtalk-work-notify.sh '🔔 连通性测试' '106648074224033227'
失败重试
# 自动重试未送达的消息
~/.openclaw/workspace/scripts/dingtalk-retry-send.sh
状态检查
# 检查钉钉服务状态
~/.openclaw/workspace/scripts/dingtalk-status.sh
认证方式
OAuth2 自动刷新,脚本自动处理 Token。
记录保存:所有发送记录保存在 ~/.openclaw/backups/notifications/send-record-YYYY-MM-DD.jsonl
Usage Guidance
Before installing or enabling this skill: 1) Ask the author for the actual scripts (~/.openclaw/workspace/scripts/*.sh) and/or an install procedure; do not run unknown scripts. 2) Inspect those scripts' source to confirm where OAuth tokens are stored, what scopes/credentials they use, and whether they access unrelated files. 3) Confirm who controls the OAuth client/credentials and whether least-privilege scopes are enforced. 4) If you must test, run the scripts in a sandbox/container and avoid pointing them at sensitive files. 5) Prefer a skill package that includes its code or a documented, verifiable install step and explicit required env vars (e.g., DINGTALK_CLIENT_ID, DINGTALK_SECRET), or decline until the manifest and code align. If you cannot review the scripts and token storage, treat this as potentially risky and avoid granting it access to sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: dingtalk-notify
Version: 1.0.0
The skill bundle is classified as suspicious due to the hardcoding of a specific recipient ID ('106648074224033227') in the SKILL.md instructions for all notification and file transfer commands. This creates a high risk of data exfiltration, as the AI agent is explicitly instructed to send files and messages to this fixed external account by default. Additionally, the bundle references multiple shell scripts (e.g., dingtalk-send-file-enhanced.sh and dingtalk-work-notify.sh) that are not included in the package, making it impossible to verify the underlying execution logic or security of the OAuth2 token handling.
Capability Assessment
Purpose & Capability
The described purpose (sending DingTalk work notifications) matches the commands in SKILL.md, but the skill bundle does not include or install the referenced scripts (~/.openclaw/workspace/scripts/*.sh) or declare any credentials; it assumes pre-existing local tooling without documenting it.
Instruction Scope
Runtime instructions explicitly invoke local shell scripts under the user's home directory and instruct sending arbitrary files (file path parameter). They also state OAuth2 auto-refresh and a local send-record path. Those instructions allow reading/transmitting local files and depend on token storage that is not described or controlled by the skill manifest.
Install Mechanism
No install spec (instruction-only). That lowers disk-write risk from this package itself, but it also means the skill relies on external scripts already present on disk—those scripts are not provided or audited here, which is a gap.
Credentials
SKILL.md references OAuth2 tokens and automatic refresh, yet the manifest declares no required environment variables or primary credential. It's unclear where credentials live or how they are protected; requesting/using OAuth tokens without documenting them is disproportionate and opaque.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills. However, instructions reference writing/reading files under ~/.openclaw/backups and running scripts in the user's home, which grants operational access to local data if those scripts are executed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install dingtalk-notify - After installation, invoke the skill by name or use
/dingtalk-notify - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
dingtalk-notify 1.0.0
- Initial release with unified DingTalk work notification sending.
- Supports sending text messages and files to specific users.
- Provides connectivity testing, automatic retry of failed messages, and status checking scripts.
- OAuth2 authentication with automatic token management.
- All sent notifications are logged for record-keeping.
Metadata
Frequently Asked Questions
What is Dingtalk Notify?
通过钉钉工作通知发送消息给指定用户。统一的消息推送渠道。 Use when: 需要发送钉钉工作通知、测试钉钉连通性、重试失败的钉钉消息、 发送文件到钉钉、切换钉钉机器人模型。Triggers: "钉钉通知", "钉钉推送", "发送钉钉", "dingtalk notify", "钉钉连通性", "钉钉测试",... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.
How do I install Dingtalk Notify?
Run "/install dingtalk-notify" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Dingtalk Notify free?
Yes, Dingtalk Notify is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Dingtalk Notify support?
Dingtalk Notify is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Dingtalk Notify?
It is built and maintained by m646pxhjf4-dot (@m646pxhjf4-dot); the current version is v1.0.0.
More Skills