Community code plugin. Review compatibility and verification before install.
Latest release: v3.6.4
Security Scan
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The DingTalk channel purpose fits the package overall: it connects OpenClaw to DingTalk, handles messages/media/cards, sends replies, and supports DingTalk docs APIs. However, owner-triggered learning commands can persist rules globally, by session, or by target, and exact-match rules can force deterministic replies; that is high-impact behavior beyond ordinary channel transport.
Instruction Scope
Learning rules are injected as high-priority constraints and the prompt text tells the model not to reveal the rule source. Manual forced replies are resolved before normal handling and can silently replace responses after an owner adds matching rules.
Install Mechanism
The package uses a standard OpenClaw/npm plugin structure with no install lifecycle script found. It is source-linked but has no provenance attestation; dependencies are installed as part of normal plugin setup.
Credentials
Network access to DingTalk and credential use are expected, but the plugin also reads local OpenClaw session files for peer preload, supports file-based secrets from arbitrary configured paths, logs full callback/streaming payloads in some paths, and stores message-derived learning data.
Persistence & Privilege
Persistent state includes full question/answer snapshots, feedback records, pending card content, target sets, and learned rules. There are disable/delete commands, but no clear audit, approval, retention, or safety review around global/target rule injection.
Scan Findings in Context
[SDI-2] unexpected: The inspected code confirms persistent manual learning rules, hidden high-priority learning context, and exact-match forced replies. Owner gating reduces exposure but does not remove the material concern because these rules can silently alter future outputs.
[SSD-1] unexpected: The /learn command surface is owner-restricted, but it accepts arbitrary natural-language rules and can persist them across scopes, including global and multi-target application.
[SSD-4] unexpected: The code supports identity discovery, target enumeration/listing, target-set creation, and bulk rule application, creating a powerful control plane if owner access is misused or compromised.
[SQP-2] unexpected: Several findings were confirmed: full card streaming payloads and raw callback payloads can be logged, and pending card/learning state can store user or model message content.
[SSD-3] expected: Storing feedback and reply snapshots is related to the learning feature, but retaining full questions/answers without clear minimization, encryption, or retention controls remains a review concern.
[SDI-4] unexpected: The redaction helper only masks token/accessToken keys, so the scanner's concern about incomplete masking is supported by the source.
[suspicious.env_credential_access] expected: Environment-variable credential access is expected for a DingTalk channel that supports env-based secret references and contacts DingTalk APIs.
[suspicious.exposed_secret_literal] expected: The inspected static-scan examples appear to be config/schema field names such as clientSecret/accessToken rather than hardcoded secrets, so this static signal is downgraded.
What to consider before installing
Install only if you are comfortable granting this plugin DingTalk bot credentials, message send capability, DingTalk docs access through gateway methods, local persistent storage, and owner-controlled learning rules. Before using it in production, restrict ownerAllowFrom, prefer allowlists for DM/group access, keep learningEnabled and learningAutoApply off unless needed, avoid file-based secrets unless the config is trusted, and do not enable debug logging for sensitive conversations.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- dist/index.js:90: Environment variable access combined with network send.
- dist/index.js:167: File appears to expose a hardcoded API secret or token.
- dist/index.js.map:4: File appears to expose a hardcoded API secret or token.
- src/auth.ts:40: File appears to expose a hardcoded API secret or token.
- src/config-schema.ts:33: File appears to expose a hardcoded API secret or token.
- src/config.ts:129: File appears to expose a hardcoded API secret or token.
- src/device-registration.ts:183: File appears to expose a hardcoded API secret or token.
- src/gateway/channel-gateway.ts:217: File appears to expose a hardcoded API secret or token.
- src/onboarding.ts:282: File appears to expose a hardcoded API secret or token.
- src/secret-input.ts:179: File appears to expose a hardcoded API secret or token.
DingTalk Channel for OpenClaw
A DingTalk enterprise internal bot channel plugin for OpenClaw. It uses Stream mode, so no public IP is required.
Features
- Stream mode; no webhook or public ingress required
- Supports direct messages, group chats, and @-mentions of the bot
- Supports text, images, voice, video, files, and DingTalk document/file cards
- Supports quoted-message recovery and body-text extraction from common text attachments
- Supports Markdown replies and streaming AI card replies (v2 structured block rendering, taskInfo metadata, inline images)
- Supports multiple agents, multi-bot binding, and experimental @ multi-assistant routing
- Supports /btw side-channel Q&A, which bypasses the main session lock to return an independent quick answer immediately
- Supports automatic registration via DingTalk Device Flow: credentials are obtained automatically after scan-to-authorize, with no manual copying
- Supports aborting the current AI generation in real time. Common stop commands include 停止, stop, /stop, and esc
- Integrates with OpenClaw message handling and outbound capabilities
[!IMPORTANT] According to the DingTalk Open Platform announcement "Announcement on the Limited-Time Opening of Unlimited DingTalk PaaS Resource Quota to Support Enterprise AI Agent Integration" (updated 2026-03-11), the free "unlimited" quota for OpenClaw calls to the DingTalk API/Webhook/Stream is valid by default until 2026-03-31; if you have been approved through the official application channel, the exemption is valid until 2026-04-30 at the latest. Before deploying, check the current quota status under "DingTalk Developer Console -> Resource Management".
Documentation
- Online documentation site: https://dingtalk-channel.nanoo.app/
- User documentation: docs/user/index.md
- Contributing: docs/contributor/index.md
- Release notes: docs/releases/index.md
- English entry point: docs/en/index.md
Citation and Attribution
- GitHub / machine-readable citation metadata: CITATION.cff
- Maintainer's attribution requests for reuse, citation, and AI-collaboration scenarios: docs/contributor/citation-and-attribution.md
Installation
[!IMPORTANT] The minimum compatible version is OpenClaw 2026.3.24. Upgrade to the latest OpenClaw before installing.
openclaw plugins install @soimy/dingtalk
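Source-link install for local development or integration testing
For local development, debugging, or integration testing, install from a source link: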
git clone https://github.com/soimy/openclaw-channel-dingtalk.git
cd openclaw-channel-dingtalk
npm install # or pnpm install
openclaw plugins install -l .
After installing, explicitly configuring plugins.allow is recommended:
{
  "plugins": {
    "enabled": true,
    "allow": ["dingtalk"]
  }
}
Details:
Updating
Installed from ClawHub:
openclaw plugins update dingtalk
Installed from local source / link:
git pull
openclaw gateway restart
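Details:
Configuration
Interactive configuration is the recommended first choice:
openclaw onboard
Or:
openclaw configure --section channels
Minimal manual configuration example (dmPolicy and groupPolicy are set to "open" here; the scan summary above recommends allowlists for DM/group access before production use):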
{
  "plugins": {
    "enabled": true,
    "allow": ["dingtalk"]
  },
  "channels": {
    "dingtalk": {
      "enabled": true,
      "clientId": "dingxxxxxx",
      "clientSecret": "your-app-secret",
      "dmPolicy": "open",
      "groupPolicy": "open",
      "messageType": "markdown"
    }
  }
}
Details:
Key feature documentation
Development overview
git clone https://github.com/soimy/openclaw-channel-dingtalk.git
cd openclaw-channel-dingtalk
npm install
npm run type-check
npm run lint
pnpm test
More development and maintenance notes:
