ClawHub

Feishu Cli Setup

v1.0.0

Step-by-step AI agent guide for installing and configuring lark-cli (飞书/Lark CLI). Designed for Claude, Manus, and OpenClaw to proactively guide users throug...

0· 26·0 current·0 all-time
byCosmos Fang@cosmofang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Feishu/Lark CLI install + OAuth guidance) match the provided artifacts. The package includes prompt-generator scripts that produce step-by-step instructions for installing/configuring lark-cli and loading the 20 Agent Skills; these are appropriate for the stated goal.
Instruction Scope
SKILL.md and all scripts only instruct the agent to run local CLI commands (npm install, npx, lark-cli commands), extract authorization/config URLs from CLI output, and present them to the user. They explicitly require user browser interaction for OAuth and encourage --dry-run and user confirmation. The instructions do not direct reading unrelated system files or exfiltrating secrets.
Install Mechanism
There is no registry install spec; this is an instruction-only skill with helper scripts. The instructions recommend installing from npm (npm install -g @larksuite/cli) or building from the public GitHub repo — both are standard distribution channels. Note: global npm installs (-g) and the npx skills add command will modify the system/global agent skill list; that's expected but has system-wide impact.
Credentials
The skill requests no environment variables or credentials itself. It guides the user to provide LARK_APP_ID/LARK_APP_SECRET to the lark-cli (entered by the user) and explicitly warns not to share secrets publicly. Mention of LARK_CONFIG_FILE in troubleshooting is contextual and not required by the skill.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The guide instructs installing global skills (npx skills add -g) which makes the lark-* skills available to all agents on the host — this is expected for providing Feishu features but is a meaningful system-wide change the user should be aware of.
Assessment
This skill appears to be a legitimate installer/guide for the official lark-cli. Before running anything, verify you trust the upstream packages: check the npm package publisher for @larksuite/cli and the GitHub repo (https://github.com/larksuite/cli). Be cautious when performing global npm installs (avoid sudo if possible; follow npm permission guidance). When asked for App ID/Secret, paste them only into the local CLI prompt — do not paste secrets into public chats or repositories. Confirm that any authorization URL you receive is a legitimate feishu/larksuite domain before opening it. If you prefer less system-wide impact, you can install lark-cli locally instead of globally and avoid running npx skills add -g.

Like a lobster shell, security has layers — review code before you run it.

latestvk97exgbz4hybbg19jbtnn99jnn848kea

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments