breath57

Dingtalk Todo

Author: breath57 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 420 · Favorites: 0 · Current installs: 3 · Versions: 1
Install in OpenClaw
/install dingtalk-todo
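Description
DingTalk to-do management. Use this skill when the user mentions "DingTalk to-do", "to-do task", "create to-do", "add to-do", "view to-dos", "complete to-do", "mark as done", "delete to-do", "to-do list", "my to-dos", "set a due date", "assign to-do", "dingtalk todo", "todo task", or "task management". Supports: creating to-dos...
Usage (SKILL.md)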

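DingTalk Todo Skill

Handles all operations on DingTalk to-dos (Todo). This file is a strategy guide and contains only decision logic and workflow. For the complete API request formats, see "references/api.md lookup index" at the end of this file.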


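Workflow (before every run)

  1. Read the config → Use a single grep -E command to read all required keys from the config file ~/.dingtalk-skills/config in one pass (the config file persists across sessions, so there is no need to ask again)
  2. Collect only what is missing → If the config file does not exist or lacks a key, ask the user for all missing values in one go, not one at a time
  3. Persist → Write the collected values to ~/.dingtalk-skills/config so they never have to be asked for again
  4. Get/reuse the token → Reuse the cached token while it is valid (cached for 7000 seconds, about 2 hours) to avoid repeated requests; on a 401, fetch a new one
  5. Run the operation → Any command that involves variable substitution, pipes, or multi-line logic must be written to /tmp/<task>.sh and run with bash /tmp/<task>.sh. Do not paste multi-line commands directly into the terminal (the terminal tool truncates them), and do not use the <<'EOF' syntax (heredocs are also truncated by the tool, which loses variables)

Credentials must never be printed in full in any output; when confirming a value, show only the first 4 characters + ****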

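Required configuration

| Config key | Description | How to obtain |
| --- | --- | --- |
| DINGTALK_APP_KEY | Application AppKey | DingTalk Open Platform → App management → Credentials |
| DINGTALK_APP_SECRET | Application AppSecret | Same as above |
| DINGTALK_USER_ID | The current user's enterprise employee ID (userId) | Admin console → Contacts → Member management → click the name to view (not the phone number, not the unionId) |
| DINGTALK_OPERATOR_ID | The current user's unionId | Converted from the userId automatically by the script on first run and written to the config |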

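Identity identifiers

DingTalk has two kinds of user ID, and different APIs use different ones:

| Identifier | Description | How to obtain |
| --- | --- | --- |
| userId (= staffId) | Internal enterprise employee ID, the easiest to obtain | Admin console → Contacts → Member management → click the name to view; or call the look-up-by-phone-number API |
| unionId | Unique across enterprises/applications | Converted from the userId by calling the API |

  • The to-do API's path parameter {unionId} and query parameter operatorId both use the unionId
  • executorIds / participantIds (assigning to colleagues) also use the unionId
  • The config therefore collects the userId first (easy for the user to obtain), and the script converts it to the unionId automatically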

userId → unionId conversion

This requires the legacy access_token (different from the new one):

# 1. Get the legacy token
OLD_TOKEN=$(curl -s "https://oapi.dingtalk.com/gettoken?appkey=${APP_KEY}&appsecret=${APP_SECRET}" | grep -o '"access_token":"[^"]*"' | cut -d'"' -f4)

# 2. userId → unionId
UNION_ID=$(curl -s -X POST "https://oapi.dingtalk.com/topapi/v2/user/get?access_token=${OLD_TOKEN}" \
  -H 'Content-Type: application/json' \
  -d "{\"userid\":\"${USER_ID}\"}" | grep -o '"unionid":"[^"]*"' | cut -d'"' -f4)

# 3. Write to the config file
echo "DINGTALK_OPERATOR_ID=$UNION_ID" >> ~/.dingtalk-skills/config

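⚠️ Note: in the response body, result.unionid (no underscore) is populated; result.union_id (with an underscore) may be empty.

Creating a to-do for a colleague

If the user wants to create a to-do for a colleague (specifying executorIds), the colleague's unionId is required. Ask the user for the colleague's userId (it can be looked up in the admin console), then convert it using the method above.

Execution script template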

#!/bin/bash
set -e
CONFIG=~/.dingtalk-skills/config
APP_KEY=$(grep '^DINGTALK_APP_KEY=' "$CONFIG" | cut -d= -f2-)
APP_SECRET=$(grep '^DINGTALK_APP_SECRET=' "$CONFIG" | cut -d= -f2-)
USER_ID=$(grep '^DINGTALK_USER_ID=' "$CONFIG" | cut -d= -f2-)

# New-style token cache (used for the to-do API)
CACHED_TOKEN=$(grep '^DINGTALK_ACCESS_TOKEN=' "$CONFIG" 2>/dev/null | cut -d= -f2-)
TOKEN_EXPIRY=$(grep '^DINGTALK_TOKEN_EXPIRY=' "$CONFIG" 2>/dev/null | cut -d= -f2-)
NOW=$(date +%s)
if [ -n "$CACHED_TOKEN" ] && [ -n "$TOKEN_EXPIRY" ] && [ "$NOW" -lt "$TOKEN_EXPIRY" ]; then
  TOKEN=$CACHED_TOKEN
else
  RESP=$(curl -s -X POST https://api.dingtalk.com/v1.0/oauth2/accessToken \
    -H 'Content-Type: application/json' \
    -d "{\"appKey\":\"$APP_KEY\",\"appSecret\":\"$APP_SECRET\"}")
  TOKEN=$(echo "$RESP" | grep -o '"accessToken":"[^"]*"' | cut -d'"' -f4)
  sed -i '/^DINGTALK_ACCESS_TOKEN=/d;/^DINGTALK_TOKEN_EXPIRY=/d' "$CONFIG"
  echo "DINGTALK_ACCESS_TOKEN=$TOKEN" >> "$CONFIG"
  echo "DINGTALK_TOKEN_EXPIRY=$((NOW + 7000))" >> "$CONFIG"
fi

# unionId: read from the config first; if not stored, convert from userId automatically and write it back
UNION_ID=$(grep '^DINGTALK_OPERATOR_ID=' "$CONFIG" 2>/dev/null | cut -d= -f2-)
if [ -z "$UNION_ID" ]; then
  OLD_TOKEN=$(curl -s "https://oapi.dingtalk.com/gettoken?appkey=${APP_KEY}&appsecret=${APP_SECRET}" | grep -o '"access_token":"[^"]*"' | cut -d'"' -f4)
  UNION_ID=$(curl -s -X POST "https://oapi.dingtalk.com/topapi/v2/user/get?access_token=${OLD_TOKEN}" \
    -H 'Content-Type: application/json' \
    -d "{\"userid\":\"${USER_ID}\"}" | grep -o '"unionid":"[^"]*"' | cut -d'"' -f4)
  echo "DINGTALK_OPERATOR_ID=$UNION_ID" >> "$CONFIG"
fi

# Append the specific API call here, for example creating a to-do:
RESULT=$(curl -s -X POST \
  "https://api.dingtalk.com/v1.0/todo/users/${UNION_ID}/tasks?operatorId=${UNION_ID}" \
  -H "x-acs-dingtalk-access-token: $TOKEN" \
  -H 'Content-Type: application/json' \
  -d "{\"subject\":\"今天完成需求评审\"}")
echo "$RESULT"
TASK_ID=$(echo "$RESULT" | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)
echo "创建成功,taskId=$TASK_ID"

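⚠️ To-dos created through the application API appear under the Teambition category of DingTalk "To-do", not under the "Personal" category.
⚠️ Tasks created through the API cannot be deleted manually in the DingTalk UI; they can only be deleted through the API.

references/api.md lookup index

Once you have decided what to do, use the following commands to extract the full API details (request format, parameter descriptions, sample responses) for the corresponding section of references/api.md: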

# Identity identifiers and userId ↔ unionId conversion (28 lines)
grep -A 28 "^## 身份标识" references/api.md

# Create a to-do (with all optional fields) (47 lines)
grep -A 47 "^## 1. 创建待办" references/api.md

# Get to-do details (29 lines)
grep -A 29 "^## 2. 获取待办详情" references/api.md

# Query the to-do list (with pagination) (42 lines)
grep -A 42 "^## 3. 查询待办列表" references/api.md

# Update a to-do (25 lines)
grep -A 25 "^## 4. 更新待办" references/api.md

# Delete a to-do (16 lines)
grep -A 16 "^## 5. 删除待办" references/api.md

# Error code table (9 lines)
grep -A 9 "^## 错误码" references/api.md

# Required application permissions (7 lines)
grep -A 7 "^## 所需应用权限" references/api.md
Security recommendations
This skill legitimately needs DingTalk app credentials and a user ID to call the Todo APIs, but the SKILL.md instructs the agent to:
  1. ask you for the AppKey/AppSecret and userId,
  2. store them in plaintext in ~/.dingtalk-skills/config (including cached tokens), and
  3. build and run temporary shell scripts in /tmp.

Before installing, consider:
  • Only provide these credentials if you trust the skill and the publisher; treat the AppSecret like a password.
  • Be aware that the skill will persist secrets to your home directory (check and restrict file permissions, e.g., chmod 600).
  • If you stop using the skill, delete ~/.dingtalk-skills/config and revoke the AppSecret/token in DingTalk.
  • Review or sandbox the agent first (run it in a throwaway account or VM) to observe what gets written and executed.
  • Prefer an implementation that uses secure secret storage or declares its required env vars in metadata; the mismatch between metadata and runtime credential use is an incoherence to be aware of.
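The permission and persistence advice above can be applied to the config file directly. The following is an added example, not code from the skill or its author: it keeps ~/.dingtalk-skills/config owner-only, replaces keys instead of appending duplicates, and masks secrets for display. The function names and the CONFIG_DIR override are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: owner-only storage for the skill's config file.
# CONFIG_DIR can be overridden to try the functions in a scratch directory.
CONFIG_DIR="${CONFIG_DIR:-$HOME/.dingtalk-skills}"
CONFIG="$CONFIG_DIR/config"
NL='
'

# Create the directory (0700) and the file (0600) before any secret is written.
init_config() {
  ( umask 077; mkdir -p "$CONFIG_DIR" && touch "$CONFIG" ) || return 1
  chmod 700 "$CONFIG_DIR" && chmod 600 "$CONFIG"
}

# Set KEY=VALUE by rewriting the file through a private temp file and renaming
# it into place, so a key never appears twice (as it can with '>>').
set_config() {
  local key="$1" value="$2" tmp
  case $key in ''|*[!A-Z0-9_]*) return 2 ;; esac   # only UPPER_SNAKE_CASE keys
  case $value in *"$NL"*) return 2 ;; esac          # a newline would smuggle in a second key
  init_config || return 1
  tmp=$(mktemp "$CONFIG_DIR/.config.XXXXXX") || return 1   # created with mode 0600
  { grep -v "^${key}=" "$CONFIG" || true; printf '%s=%s\n' "$key" "$value"; } > "$tmp"
  mv -f "$tmp" "$CONFIG"
}

get_config() {
  grep "^$1=" "$CONFIG" 2>/dev/null | cut -d= -f2-
}

# Confirmation display: first 4 characters + ****, per the skill's own rule.
mask_secret() {
  printf '%.4s****\n' "$1"
}

# Audit check: succeeds only if group and others have no access to the file.
config_is_private() {
  local mode
  mode=$(stat -c '%a' "$CONFIG" 2>/dev/null || stat -f '%Lp' "$CONFIG" 2>/dev/null) || return 1
  case $mode in 600|400) return 0 ;; *) return 1 ;; esac
}
```

The file is still plaintext on disk; this only narrows who can read it, so revoking the AppSecret when the skill is removed remains necessary.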
Functional analysis
Type: OpenClaw Skill
Name: dingtalk-todo
Version: 0.1.0
The skill manages DingTalk Todo tasks by storing sensitive API credentials (AppKey and AppSecret) in a local plaintext configuration file (~/.dingtalk-skills/config) and executing logic via temporary shell scripts in /tmp. While these behaviors are aligned with the stated purpose of interacting with DingTalk APIs (api.dingtalk.com and oapi.dingtalk.com), the use of shell execution, network access, and insecure credential storage are classified as risky capabilities and potential vulnerabilities under the review criteria. No evidence of intentional data exfiltration or malicious prompt injection was found in SKILL.md or references/api.md.
Capability assessment
Purpose & Capability
Name and description match the instructions: the SKILL.md documents how to call DingTalk Todo APIs (create/list/update/delete). The credentials and user-id conversions described are appropriate and necessary for the stated purpose.
Instruction Scope
Runtime instructions direct the agent to read/write a configuration file at ~/.dingtalk-skills/config, fetch and cache access tokens, convert userId→unionId via DingTalk endpoints, and create/execute temporary shell scripts (/tmp/<task>.sh) for multi-line commands. These actions are within scope for a CLI-based API integrator but grant file I/O and shell-execution abilities; executing dynamically created scripts increases risk if inputs are not validated.
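One way to reduce the risk of unvalidated input reaching a generated script, shown as an added example that is not part of the skill: validate IDs, escape user text before it enters a JSON body, and run the script from an unpredictable owner-only temp file with values passed as arguments. The function names and the allowed ID character set are assumptions.

```bash
#!/bin/bash
# Added example: keep untrusted values out of generated script text.

# IDs go into URL paths and JSON bodies, so accept a conservative character set.
# Assumption: userId/unionId values contain only letters, digits, '_' and '-'.
valid_id() {
  case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Escape backslash and double quote for a JSON string; reject control
# characters (including newlines) instead of trying to encode them.
json_escape() {
  case $1 in *[[:cntrl:]]*) return 1 ;; esac
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Build the create-to-do request body from a user-supplied subject.
build_todo_body() {
  local subject
  subject=$(json_escape "$1") || return 1
  printf '{"subject":"%s"}' "$subject"
}

# Run a script body (read from stdin) from an unpredictable, owner-only file
# rather than a fixed /tmp/<task>.sh path, and remove the file afterwards.
# Values are passed as positional arguments, never pasted into the body.
run_task_script() {
  local script rc=0
  script=$(mktemp "${TMPDIR:-/tmp}/dingtalk-task.XXXXXX") || return 1
  cat > "$script"
  bash "$script" "$@" || rc=$?
  rm -f "$script"
  return "$rc"
}
```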
Install Mechanism
Instruction-only skill with no install spec and no external downloads. Lowest install risk — nothing is written by an installer beyond what the runtime instructions ask the agent to do.
Credentials
The SKILL.md expects collection of sensitive values (DINGTALK_APP_KEY, DINGTALK_APP_SECRET, DINGTALK_USER_ID and derived DINGTALK_OPERATOR_ID) and persists them to ~/.dingtalk-skills/config in plaintext. However the registry metadata declares no required credentials/env vars. This mismatch (credentials used but not declared) and the plaintext persistence of secrets to a file in the user's home are the primary concerns.
Persistence & Privilege
always:false (good). The skill persists credentials and cached tokens to ~/.dingtalk-skills/config and executes scripts from /tmp; it does not request elevated platform privileges but it does create persistent sensitive files and executes shell scripts — the user should consider file permissions and removal on uninstall.
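How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install dingtalk-todo
  3. Once installed, invoke the Skill by name or trigger it with /dingtalk-todo
  4. Provide the inputs required by the Skill's parameter description to get structured output
Version history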
v0.1.0
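dingtalk-todo 0.1.0
  • Initial release, supporting the full lifecycle of DingTalk to-do tasks: create, query, update, mark as complete, and delete.
  • Supports multiple users and collaboration with colleagues (requires collecting/converting userId and unionId).
  • Configuration values are collected once, only when missing, and persisted locally, so they are not asked for every time.
  • Smart access token caching with automatic refresh on expiry, for efficient API access.
  • Scripts are executed through an intermediate file to prevent command truncation and variable loss.
  • Provides a detailed workflow, configuration notes, and API lookup methods, for easier extension and operations.
Metadata
Slug: dingtalk-todo
Version: 0.1.0
License: MIT-0
Total installs: 3
Current installs: 3
Number of versions: 1
FAQ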

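What is Dingtalk Todo?

DingTalk to-do management. Use this skill when the user mentions "DingTalk to-do", "to-do task", "create to-do", "add to-do", "view to-dos", "complete to-do", "mark as done", "delete to-do", "to-do list", "my to-dos", "set a due date", "assign to-do", "dingtalk todo", "todo task", or "task management". Supports: creating to-dos... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 420 total downloads to date.

How do I install Dingtalk Todo?

Run the command "/install dingtalk-todo" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Dingtalk Todo free?

Yes. Dingtalk Todo is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does Dingtalk Todo support?

Dingtalk Todo is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Dingtalk Todo?

It is developed and maintained by breath57 (@breath57); the current version is v0.1.0.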
