andylikescodes

Dingtalk Csa

Author: Andy Liang · GitHub · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
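104 total downloads · 0 favorites · 0 current installs · 3 versions
Install in OpenClaw
/install dingtalk-csa
Description
DingTalk Cloud Storage Assistant (钉盘助手) - manages DingTalk Drive spaces, files and documents. Triggered when the user asks to read or write DingTalk Drive files, manage team spaces, upload or download documents, or work with adoc documents. Also suited to DingTalk file analysis, report generation and team collaboration. Trigger words: 钉盘, 钉钉云盘, DingTalk storage, 钉钉文件, 钉钉文档.
Usage (SKILL.md)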

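DingTalk Cloud Storage Assistant (钉盘助手)

Manage DingTalk Drive: team spaces, file upload and download, reading and writing DingTalk documents, team collaboration.

🔒 Security model: read anywhere, write restricted

Core principle: the AI may read any space it can access, but may write only to designated folders.

This ensures that:

  • ✅ The AI can read files shared with the team (for analysis, summaries and so on)
  • ✅ The AI can write only to pre-approved collaboration folders
  • ❌ Important files are not modified or overwritten by accident

Configuring the write whitelist

Configure the locations where writing is allowed under ALLOWED_WRITE_PATHS in SKILL.md: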

# === Write whitelist ===
# The AI may write only to the locations below
ALLOWED_WRITE_PATHS:
  - spaceId: "YOUR_SPACE_ID"
    parentDentryId: "YOUR_FOLDER_ID"
    path: "/AI_Collab"
    description: "AI协作文件夹 - AI只允许写入此文件夹"

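Enforcement rules:

  1. Read: access to any space/folder is allowed ✅
  2. Write (uploading files, creating documents, creating folders): only inside the whitelist ✅
  3. Delete: not allowed ❌
  4. Before any write operation, first check whether the target path is in the whitelist

🔑 Authentication

All API calls require an access token, obtained as follows: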

curl -X POST 'https://api.dingtalk.com/v1.0/oauth2/accessToken' \
  -H 'Content-Type: application/json' \
  -d '{"appKey": "'"$DINGTALK_APP_KEY"'", "appSecret": "'"$DINGTALK_APP_SECRET"'"}'

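Environment variables:

  • DINGTALK_APP_KEY - the AppKey of the DingTalk application
  • DINGTALK_APP_SECRET - the AppSecret of the DingTalk application (⚠️ never write it in plaintext in code or configuration files)

The token is valid for 2 hours; cache it to avoid repeated requests.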

Core operations

1. List spaces (read ✅)

# Enterprise spaces
curl -X GET "https://api.dingtalk.com/v1.0/drive/spaces?unionId=<unionId>&spaceType=org&maxResults=50" \
  -H "x-acs-dingtalk-access-token: <TOKEN>"

2. List files (read ✅)

curl -X POST "https://api.dingtalk.com/v1.0/storage/spaces/{spaceId}/dentries/listAll" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"unionId": "<unionId>"}'

3. Read document content (read ✅)

For DingTalk documents in .adoc format, use the uuid as the documentId:

curl -X GET "https://api.dingtalk.com/v1.0/doc/suites/documents/{documentId}/blocks?operatorId=<unionId>" \
  -H "x-acs-dingtalk-access-token: <TOKEN>"

4. Write document content (write ⚠️ check the whitelist)

# Overwrite the entire document (Markdown format)
curl -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/{documentId}/overwriteContent?operatorId=<unionId>" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"content": "# Markdown Content", "dataType": "markdown"}'

# Append content to the document
curl -X POST "https://api.dingtalk.com/v1.0/doc/suites/documents/{documentId}/content?operatorId=<unionId>" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"content": {"type": "markdown", "content": "## New Section"}}'

5. Create a folder (write ⚠️ check the whitelist)

curl -X POST "https://api.dingtalk.com/v1.0/storage/spaces/{spaceId}/dentries/{parentId}/folders" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"unionId": "<unionId>", "name": "New Folder"}'

6. Upload a file (write ⚠️ check the whitelist)

Three-step flow; see references/upload-guide.md

7. Download a file (read ✅)

curl -X POST "https://api.dingtalk.com/v1.0/storage/spaces/{spaceId}/dentries/{dentryId}/downloadInfos/query?unionId=<unionId>" \
  -H "x-acs-dingtalk-access-token: <TOKEN>" \
  -H 'Content-Type: application/json' \
  -d '{"option": {"version": 1}}'
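
The rules above require a whitelist check before every write and forbid deletion. One way an integrator could gate each request before it is sent, as an added example that is not part of SKILL.md or the skill's own code: `authorize`, `RULES`, the `doc_location` parameter and the placeholder IDs are assumptions. Only the endpoints shown on this page are recognized, so anything else, including the upload flow, is denied by default.

```python
import re
from urllib.parse import urlsplit

# Mirrors ALLOWED_WRITE_PATHS; the IDs are constructed placeholders.
ALLOWED_WRITE_PATHS = [{"spaceId": "SPACE_A", "parentDentryId": "FOLDER_AI"}]
API_HOST = "api.dingtalk.com"

# (method, path pattern, kind) for the endpoints shown on this page only.
RULES = [
    ("GET", r"/v1\.0/drive/spaces", "read"),
    ("POST", r"/v1\.0/storage/spaces/[^/]+/dentries/listAll", "read"),
    ("GET", r"/v1\.0/doc/suites/documents/[^/]+/blocks", "read"),
    ("POST", r"/v1\.0/storage/spaces/[^/]+/dentries/[^/]+/downloadInfos/query", "read"),
    ("POST", r"/v1\.0/storage/spaces/(?P<space>[^/]+)/dentries/(?P<parent>[^/]+)/folders",
     "folder_write"),
    ("POST", r"/v1\.0/doc/suites/documents/[^/]+/(?:overwriteContent|content)", "doc_write"),
]

def _in_whitelist(space_id, parent_id):
    return any(e["spaceId"] == space_id and e["parentDentryId"] == parent_id
               for e in ALLOWED_WRITE_PATHS)

def authorize(method, url, doc_location=None):
    """Return (allowed, reason) for one outgoing API request.

    doc_location (hypothetical parameter) is the (spaceId, parentDentryId) the
    caller resolved for a document write; None means it was not resolved.
    """
    method, parts = method.upper(), urlsplit(url)
    if parts.scheme != "https" or parts.hostname != API_HOST:
        return False, "unexpected scheme or host"
    if method == "DELETE":
        return False, "delete is never allowed"
    for rule_method, pattern, kind in RULES:
        match = re.fullmatch(pattern, parts.path)
        if rule_method != method or not match:
            continue
        if kind == "read":
            return True, "read"
        # Folder creation names its target in the path; document writes carry
        # only a documentId, so the caller must supply the resolved location.
        target = ((match["space"], match["parent"]) if kind == "folder_write"
                  else doc_location)
        if target and _in_whitelist(*target):
            return True, "write inside whitelist"
        return False, "write target not in whitelist"
    return False, "unknown endpoint, denied by default"
```

A document write with no resolved location is refused rather than assumed safe, because the document endpoints identify the target only by documentId.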

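Required permissions

See references/permissions.md

Core permissions (7):

  1. Storage.Space.Read - DingTalk Drive app space read
  2. Storage.Space.Write - DingTalk Drive app space write
  3. Storage.File.Read - DingTalk Drive app file read
  4. Storage.File.Write - DingTalk Drive app file write
  5. Storage.UploadInfo.Read - DingTalk Drive upload info read
  6. Storage.DownloadInfo.Read - DingTalk Drive download info read
  7. Enterprise storage file download info read permission - enterprise storage file download (used together with #6)

Reference documents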

Security recommendations
This instruction-only skill appears to do what it says (manage DingTalk Drive) and legitimately needs an AppKey/AppSecret. Before installing: 1) resolve the metadata mismatch — ensure the platform shows DINGTALK_APP_KEY and DINGTALK_APP_SECRET as required so you can supply them securely (via secrets/env injection), not hard-coded; 2) only grant the DingTalk app the minimal permissions needed (prefer read-only where possible) and avoid enabling broad write/delete privileges; 3) configure and verify the ALLOWED_WRITE_PATHS whitelist in a safe test environment and confirm your agent honors it (the SKILL.md outlines the rule but enforcement depends on integrator/agent); 4) because the skill can read any accessible spaces, review which team spaces the app will have access to and limit scope to avoid exposing sensitive files; 5) note the source/homepage is unknown — if possible, verify the publisher (owner ID) or prefer a skill with a known, trusted source. If you need higher assurance, request the publisher to fix the metadata and provide an explicit statement or automated enforcement of the write whitelist.
Functional analysis
Type: OpenClaw Skill · Name: dingtalk-csa · Version: 1.0.2
The dingtalk-csa skill is a legitimate tool for managing DingTalk Cloud Storage, providing instructions for the AI agent to interact with official DingTalk APIs. It includes a well-documented safety model in SKILL.md that instructs the agent to adhere to a write-access whitelist and explicitly forbids file deletion. The bundle contains comprehensive setup guides and uses standard shell commands (curl) for API interactions without any evidence of malicious intent, data exfiltration, or obfuscation.
Capability tags
requires-oauth-token
Capability assessment
Purpose & Capability
The skill's name and instructions clearly target DingTalk cloud storage and document operations; requiring an AppKey/AppSecret is appropriate. However, the registry metadata (Requirements section) claims 'Required env vars: none' and 'Primary credential: none' while the SKILL.md declares DINGTALK_APP_KEY and DINGTALK_APP_SECRET — this mismatch is an inconsistency to resolve.
Instruction Scope
SKILL.md is instruction-only and documents only DingTalk API calls (list, read, upload, commit, download, doc overwrite/append). It states a write-whitelist (ALLOWED_WRITE_PATHS) and forbids deletions, which is good practice, but enforcement appears procedural (instructions) rather than enforced by shipped code — the agent (or integrator) must correctly implement and honor the whitelist. There are no instructions to read unrelated local files or unrelated env vars.
Install Mechanism
No install spec and no code files to execute (instruction-only). No downloads or archive extraction are present, so disk-write/install risk is low.
Credentials
The only sensitive data the skill requires are AppKey and AppSecret for DingTalk — these are appropriate and expected. The inconsistency is that the top-level registry metadata did not list these required env vars while SKILL.md does. Confirming that the platform will prompt for/provide secure env injection (not plaintext in config) is important.
Persistence & Privilege
The skill is not marked always:true and does not request system-level persistence or modifications to other skills. Autonomous invocation is allowed by default (normal).
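How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install dingtalk-csa
  3. Once installed, invoke the Skill by name or trigger it with /dingtalk-csa
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history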
v1.0.2
Added environment variable declarations in metadata. All credentials now use env vars.
v1.0.1
Security fix
v1.0.0
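First release: space management, file operations, document read/write, secure read/write separation model, complete permissions guide
Metadata
Slug dingtalk-csa
Version 1.0.2
License MIT-0
Total installs 0
Current installs 0
Historical versions 3
FAQ

What is Dingtalk Csa?

DingTalk Cloud Storage Assistant (钉盘助手) - manages DingTalk Drive spaces, files and documents. Triggered when the user asks to read or write DingTalk Drive files, manage team spaces, upload or download documents, or work with adoc documents. Also suited to DingTalk file analysis, report generation and team collaboration. Trigger words: 钉盘, 钉钉云盘, DingTalk storage, 钉钉文件, 钉钉文档. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 104 total downloads to date.

How do I install Dingtalk Csa?

Run the command "/install dingtalk-csa" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Dingtalk Csa free?

Yes. Dingtalk Csa is completely free under the MIT-0 license and may be freely downloaded, installed and used.

Which platforms does Dingtalk Csa support?

Dingtalk Csa is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Dingtalk Csa?

Developed and maintained by Andy Liang (@andylikescodes); the current version is v1.0.2.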
