ClawHub

OpenClaw飞书消息读取

v1.0.0

飞书 IM 消息读取工具使用指南,覆盖会话消息获取、话题回复读取、跨会话消息搜索、图片/文件资源下载。 **当以下情况时使用此 Skill**: (1) 需要获取群聊或单聊的历史消息 (2) 需要读取话题(thread)内的回复消息 (3) 需要跨会话搜索消息(按关键词、发送者、时间等条件) (4) 消息中包含图...

0· 69·0 current·0 all-time
by@chenfa188
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description (Feishu IM message reading, search, and resource download) matches the instructions: it documents get_messages, get_thread_messages, search_messages, and fetch_resource calls. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
Instructions stay within the declared purpose (reading messages, expanding threads, searching, and downloading resources). However, the guide explicitly recommends proactively expanding thread replies (e.g., automatically fetching latest 10 replies) which can cause the agent to retrieve more user data than strictly requested. This is scope-creep risk (more data collection than minimal user query) but is coherent with providing context.
Install Mechanism
There is no install spec and no code files — instruction-only. This minimizes on-disk risk and the skill does not attempt to download or install third-party code.
Credentials
The SKILL.md repeatedly refers to calling APIs as the user and mentions OAuth authorization/permissions, but the skill declares no required env vars, primary credential, or config paths. This is not necessarily incorrect for an instruction-only skill (the platform may supply user tokens), but it is a minor mismatch: confirm where and how the agent obtains the user's Feishu OAuth tokens and what scopes are requested.
Persistence & Privilege
The skill does not request permanent/always-on inclusion, does not write to system-wide configs, and does not request elevated platform privileges. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill is an instruction-only guide for reading Feishu messages and appears coherent with that purpose. Before installing, confirm: (1) how the platform supplies Feishu OAuth/user tokens and exactly which scopes are requested (message read/search, file download) so you avoid overbroad access; (2) whether you are comfortable the agent will automatically expand thread replies (it may fetch additional messages by default) — if not, instruct it not to auto-expand; (3) file download limits (100MB) and whether downloads are stored/forwarded outside your environment; and (4) that no external install or unknown binaries will be added (this skill has none). If you need tighter control, require explicit user consent for each thread expansion and verify token lifetime/scopes before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk970q10b68b9pg9ysvxgd64y7583sbk3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments