← 返回 Skills 市场
jolestar

DingTalk OpenAPI Skill

作者 jolestar · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
240
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install dingtalk-openapi-skill
功能描述
Operate DingTalk messaging APIs through UXC with a curated OpenAPI schema, app-token bearer auth, and robot/service-group guardrails.
使用说明 (SKILL.md)

DingTalk Messaging Skill

Use this skill to run DingTalk messaging operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

  • uxc is installed and available in PATH.
  • Network access to https://api.dingtalk.com/v1.0.
  • Access to the curated OpenAPI schema URL:
    • https://raw.githubusercontent.com/holon-run/uxc/main/skills/dingtalk-openapi-skill/references/dingtalk-messaging.openapi.json
  • A DingTalk internal app or app suite with bot messaging permissions enabled.
  • A DingTalk app appKey + appSecret, or a current accessToken if you are using the manual fallback path.
  • Robot code, conversation identifiers, and user identifiers for the target send flows.

Scope

This skill covers a narrow IM-focused request/response surface:

  • one-to-one bot sends
  • group bot sends
  • service group sends
  • minimal user lookup by unionId

This skill does not cover:

  • approval, attendance, admin, or broader enterprise app workflows
  • old oapi.dingtalk.com endpoints
  • custom robot webhook token/signature flows
  • inbound callback or webhook receiver runtime

Subscribe / Stream Mode Status

DingTalk has event-delivery flows such as Stream Mode, but those flows are outside the current scope of this skill.

Current uxc subscribe status:

  • this skill is validated only for request/response messaging operations
  • DingTalk inbound event/message intake is not currently validated through uxc subscribe

Treat DingTalk as a possible future subscribe target via Stream Mode rather than a currently supported IM subscribe provider.

API Surface Choice

This skill is intentionally pinned to the newer DingTalk Open Platform host:

  • https://api.dingtalk.com/v1.0

The older oapi.dingtalk.com surface is intentionally excluded from v1 to keep auth and schema shape consistent.

Authentication

DingTalk v1 APIs use app accessToken credentials.

Preferred setup is to store appKey + appSecret as credential fields and let uxc auth bootstrap fetch and refresh the short-lived access token automatically.

Bootstrap-managed setup:

uxc auth credential set dingtalk-app \
  --auth-type bearer \
  --field app_key=env:DINGTALK_APP_KEY \
  --field app_secret=env:DINGTALK_APP_SECRET

uxc auth bootstrap set dingtalk-app \
  --token-endpoint https://api.dingtalk.com/v1.0/oauth2/accessToken \
  --header 'Content-Type=application/json' \
  --request-json '{"appKey":"{{field:app_key}}","appSecret":"{{field:app_secret}}"}' \
  --access-token-pointer /accessToken \
  --expires-in-pointer /expireIn

uxc auth binding add \
  --id dingtalk-app \
  --host api.dingtalk.com \
  --path-prefix /v1.0 \
  --scheme https \
  --credential dingtalk-app \
  --priority 100

Manual fallback if you already have an app access token:

curl -sS https://api.dingtalk.com/v1.0/oauth2/accessToken \
  -H 'Content-Type: application/json' \
  -d '{"appKey":"dingxxxx","appSecret":"xxxx"}'

Configure one bearer credential and bind it to the DingTalk API host:

uxc auth credential set dingtalk-app \
  --auth-type bearer \
  --secret-env DINGTALK_ACCESS_TOKEN

uxc auth binding add \
  --id dingtalk-app \
  --host api.dingtalk.com \
  --path-prefix /v1.0 \
  --scheme https \
  --credential dingtalk-app \
  --priority 100

Validate the active mapping when auth looks wrong:

uxc auth binding match https://api.dingtalk.com/v1.0

Core Workflow

  1. Use the fixed link command by default:

    • command -v dingtalk-openapi-cli
    • If missing, create it: uxc link dingtalk-openapi-cli https://api.dingtalk.com/v1.0 --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/dingtalk-openapi-skill/references/dingtalk-messaging.openapi.json
    • dingtalk-openapi-cli -h

  2. Inspect operation schema first:

    • dingtalk-openapi-cli get:/contact/users/{unionId} -h
    • dingtalk-openapi-cli post:/robot/oToMessages/batchSend -h
    • dingtalk-openapi-cli post:/robot/groupMessages/send -h

  3. Prefer read/setup validation before writes:

    • dingtalk-openapi-cli get:/contact/users/{unionId} unionId=$DINGTALK_UNION_ID
    • dingtalk-openapi-cli post:/robot/oToMessages/batchSend -h
    • dingtalk-openapi-cli post:/serviceGroup/messages/send -h

  4. Execute with key/value or positional JSON:

    • key/value: dingtalk-openapi-cli get:/contact/users/{unionId} unionId=$DINGTALK_UNION_ID language=zh_CN
    • positional JSON: dingtalk-openapi-cli post:/robot/groupMessages/send '{"openConversationId":"cidxxxx","robotCode":"dingxxxx","msgKey":"sampleText","msgParam":"{\"content\":\"Hello from UXC\"}"}'

Operation Groups

User Lookup

  • get:/contact/users/{unionId}

Messaging

  • post:/robot/oToMessages/batchSend
  • post:/robot/groupMessages/send
  • post:/serviceGroup/messages/send

Guardrails

  • Keep automation on the JSON output envelope; do not use --text.
  • Parse stable fields first: ok, kind, protocol, data, error.
  • Prefer uxc auth bootstrap over manual token management. Manual accessToken setup is still supported as a fallback.
  • All three send operations are high-risk writes. Require explicit user confirmation before execution.
  • DingTalk msgParam is a JSON-encoded string payload, not a nested JSON object. Build and validate that string carefully before sending.
  • robotCode, openConversationId, coolAppCode, and target identifiers are all provider-specific routing fields. Missing any of them generally means the send will fail even if auth is valid.
  • This v1 wrapper does not include custom robot webhook token/sign flows; use app-based APIs only.
  • dingtalk-openapi-cli \x3Coperation> ... is equivalent to uxc https://api.dingtalk.com/v1.0 --schema-url \x3Cdingtalk_openapi_schema> \x3Coperation> ....

References

安全使用建议
This skill appears to do what it says (a narrow DingTalk messaging wrapper for uxc), but the package metadata does not declare the credentials the runtime docs require. Before installing: - Verify you trust the 'uxc' tool referenced; the skill delegates auth and calls through uxc. If you don't already trust uxc, review its code and auth behavior. - Expect to provide app credentials (appKey/appSecret) or an access token and at least one identifier (unionId). Treat those as sensitive: store them in a secure secret store, not in plaintext shell history. - Confirm the skill will always ask for explicit confirmation before performing message sends (SKILL.md requests this); if you need to prevent automated sends, disable autonomous invocation or require manual approval in your agent policy. - The skill pulls an OpenAPI schema from raw.githubusercontent.com but also includes a local schema copy; verify the schema you will use and prefer the included local copy to avoid silent remote changes. - The absence of declared required env vars in the registry metadata is an information gap — ask the publisher to update the manifest to list required secrets and the primary credential so you can review requested privileges more easily. If you cannot confirm these items, treat this skill as higher risk and avoid installing it until the manifest and trust of uxc are clarified.
功能分析
Type: OpenClaw Skill Name: dingtalk-openapi-skill Version: 1.0.0 The skill is a legitimate integration for DingTalk's messaging APIs using the `uxc` CLI tool. It includes comprehensive documentation in `SKILL.md` and `usage-patterns.md`, a validation script `validate.sh` to ensure safety guardrails are present, and a standard OpenAPI schema. It follows best practices by using environment variables for credentials and explicitly instructing the agent to seek user confirmation for high-risk write operations.
能力评估
Purpose & Capability
Name, description, OpenAPI schema, and operations (user lookup and three send endpoints) align with a DingTalk messaging skill. The required operations and auth (appKey/appSecret or accessToken) are coherent with the described capability.
Instruction Scope
SKILL.md gives concrete, narrow runtime instructions that stay within messaging scope (linking the schema, inspecting schema, read-then-write pattern, and explicit write-confirmation guardrails). It requires the external 'uxc' CLI and network access to api.dingtalk.com and a schema URL on raw.githubusercontent.com. It does not instruct reading unrelated system files or exfiltrating data, but it does instruct the agent to consume secrets (env vars) at runtime.
Install Mechanism
No install spec is present (instruction-only), so nothing arbitrary will be downloaded or written at install time. The included validate.sh is a harmless local validation script (requires ripgrep and jq) and does not perform network installs or execute remote code.
Credentials
The SKILL.md expects app credentials and environment variables (DINGTALK_APP_KEY, DINGTALK_APP_SECRET, DINGTALK_ACCESS_TOKEN, DINGTALK_UNION_ID) and recommends storing tokens in env vars and binding them into uxc. However, the registry metadata lists no required environment variables or primary credential. That mismatch means the manifest under-reports the secrets the skill needs and obscures the credential blast radius.
Persistence & Privilege
always is false and the skill is not requesting system-wide persistence or modifying other skills. Autonomous invocation is allowed by default (disable-model-invocation: false) — normal for skills — but this combined with the unreported credential requirements increases potential impact if misused.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install dingtalk-openapi-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /dingtalk-openapi-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the DingTalk messaging skill for UXC. - Provides request/response IM operations: one-to-one bot sends, group bot sends, service group sends, and minimal user lookup. - Uses curated OpenAPI schema and DingTalk v1 API (`api.dingtalk.com/v1.0`) exclusively. - App-token bearer authentication managed via `uxc auth bootstrap` or manual access token fallback. - Includes guardrails for write operations and clear guidance for setup and execution. - Excludes approval, admin, webhook, and subscribe/stream event flows.
元数据
Slug dingtalk-openapi-skill
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

DingTalk OpenAPI Skill 是什么?

Operate DingTalk messaging APIs through UXC with a curated OpenAPI schema, app-token bearer auth, and robot/service-group guardrails. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 240 次。

如何安装 DingTalk OpenAPI Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dingtalk-openapi-skill」即可一键安装,无需额外配置。

DingTalk OpenAPI Skill 是免费的吗?

是的,DingTalk OpenAPI Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

DingTalk OpenAPI Skill 支持哪些平台?

DingTalk OpenAPI Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 DingTalk OpenAPI Skill?

由 jolestar(@jolestar)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论