← 返回 Skills 市场

Use Dingding

Name: Use Dingding
Author: brucezhu888

作者 brucezhu888 · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ✓ 安全检测通过

120

总下载

当前安装

版本数

在 OpenClaw 中安装

/install use-dingding

功能描述

Interact with DingTalk workspace via dws CLI to manage contacts, chats, calendars, todos, approvals, attendance, reports, and AITable data using OAuth creden...

安全使用建议

This skill appears to do what it says: it wraps the dws CLI and needs DingTalk OAuth credentials. Before installing, do the following: (1) Review the referenced GitHub repository and the raw install script before running any curl | sh; prefer building from source or downloading an official release. (2) Use least-privilege OAuth scopes and test in a sandbox enterprise first. (3) Prefer interactive login (keychain/libsecret) over environment variables for production. (4) Be cautious about granting the agent autonomous execution: require confirmations or disable autonomous invocation if you don't want automated approvals, message sends, or deletes. (5) Inspect the bundled scripts if you will run them; they call the dws binary via subprocess and operate on files you provide (CSV, message files), but they do not contain hidden network exfiltration code. (6) Rotate credentials and monitor audit logs after first use.

功能分析

Type: OpenClaw Skill Name: use-dingding Version: 1.1.0 The skill bundle provides a comprehensive integration for DingTalk (Dingding) using the `dws` CLI. It includes several Python scripts in the `scripts/` directory to automate tasks like meeting scheduling, record importing, and task management. The documentation in `SKILL.md` and the `references/` folder is extensive and emphasizes security best practices, such as using `--dry-run` for all mutations and explicitly warning users to review external installation scripts from the project's GitHub repository (DingTalk-Real-AI/dingtalk-workspace-cli). No evidence of malicious intent, data exfiltration, or prompt injection attacks was found.

能力评估

✓ Purpose & Capability

Name/description promise (interact with DingTalk via the dws CLI) matches what the skill asks for: it requires DWS_CLIENT_ID and DWS_CLIENT_SECRET and documents use of the dws CLI. The bundled Python scripts call the dws binary via subprocess to perform calendar, contact, aitable, todo, report, and attendance operations — all coherent with the claimed purpose.

ℹ Instruction Scope

SKILL.md and scripts instruct the agent to run dws commands (including mutations like approvals, sends, deletes). The instructions explicitly recommend --dry-run by default and advise interactive login; the scripts themselves default to dry-run unless an explicit execute flag is passed. There are no instructions to read unrelated system files or to exfiltrate secrets, but the skill will access files the user explicitly supplies (CSV, message.md) and may use env vars if chosen. Because the skill can perform destructive org actions, limiting autonomous invocation or requiring manual confirmation is recommended.

ℹ Install Mechanism

There is no automated install spec in the package (instruction-only). SKILL.md points to GitHub releases and an install script (raw.githubusercontent.com) and suggests building from source. GitHub releases and source are reasonable installation sources; the provided curl | sh installer pattern is common but carries the usual risk—SKILL.md correctly asks reviewers to inspect the script before running it.

✓ Credentials

Only DingTalk OAuth credentials (DWS_CLIENT_ID and DWS_CLIENT_SECRET) are declared as required, which is proportionate for a DingTalk CLI skill. The code and docs reference a small set of optional runtime envs (DWS_DEBUG, DWS_TRUSTED_DOMAINS) but nothing asks for unrelated cloud/provider credentials or broad secrets.

✓ Persistence & Privilege

always is false and the skill does not request persistent platform-wide privileges or attempt to modify other skills/config. The only notable risk is functional: the skill can perform high-impact operations (approvals, deletes, send messages). Since autonomous invocation is allowed by default on the platform, restrict that when you don't want automated destructive actions — the SKILL.md also calls this out.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install use-dingding
安装完成后，直接呼叫该 Skill 的名称或使用 /use-dingding 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

- Add support for mapping CSV column names to AITable field names in import_records.py using a new --field-map argument. - Update documentation in SKILL.md to reflect the new --field-map option for importing records. - Improves bulk data migration workflows with flexible column/field alignment.

v1.0.9

- Version bump from 1.0.8 to 1.0.9 in SKILL.md. - No functional, configuration, or documentation changes aside from updating the version number.

v1.0.8

- Shortened and clarified the front-matter metadata for environment and binary requirements. - Simplified the description for faster overview of skill purpose and dependencies. - Condensed and clarified the summary and instructions, removing excessive detail and duplication. - Trimmed lengthy sections and removed incomplete or redundant content for better readability.

v1.0.7

- Added a dedicated dependencies section listing required binaries and environment variables for clearer setup. - Updated metadata format to use required_binaries and required_env fields instead of requires/env. - No changes to skill functionality or CLI usage.

v1.0.6

- Improved security guidance for authentication: recommends interactive login (secure keychain) over environment variables. - Updated authentication section with clearer instructions and security warning about env vars visibility. - No functional or breaking changes to core skill features.

v1.0.5

**All batch scripts now use safe dry-run mode by default; execution must be explicit.** - All mutation scripts (e.g. create meeting or todos) now default to dry-run and require --execute to perform real changes. - SKILL.md updated to clarify safe script usage and reduce accidental data mutations. - Minor clarifications in documentation for batch script options. - No changes to required credentials or core CLI commands.

v1.0.4

**Changelog for use-dingding 1.0.4** - Updated SKILL.md metadata: renamed to "use-dingding" and added `displayName`, `version`, and `requires` sections. - Explicitly documented required OAuth credentials (`DWS_CLIENT_ID`, `DWS_CLIENT_SECRET`) for authentication. - No changes to functionality or CLI usage; documentation and metadata improvements only.

v1.0.3

- No user-facing changes in this release. - Internal changes: updated the `clawhub.yml` file.

v1.0.2

Summary: Improved documentation and safety guidance for DingTalk Workspace Skill using the dws CLI. - Expanded SKILL.md with detailed usage instructions and security warnings. - Added step-by-step installation, authentication, and setup guides. - Included safety tips: use --dry-run first, restrict autonomous execution, and apply least-privilege credentials. - Provided quick reference examples for all 12 DingTalk workspace products (contact, chat, bot, calendar, todo, approval, attendance, report, aitable, etc.). - Documented common workflows, troubleshooting steps, and output filtering options.

元数据

Slug use-dingding

版本 1.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 9

常见问题

Use Dingding 是什么？

Interact with DingTalk workspace via dws CLI to manage contacts, chats, calendars, todos, approvals, attendance, reports, and AITable data using OAuth creden... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 120 次。

如何安装 Use Dingding？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install use-dingding」即可一键安装，无需额外配置。

Use Dingding 是免费的吗？

是的，Use Dingding 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Use Dingding 支持哪些平台？

Use Dingding 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Use Dingding？

由 brucezhu888（@brucezhu888）开发并维护，当前版本 v1.1.0。