Feishu Voice (ElevenLabs)
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill matches its Feishu/ElevenLabs voice purpose, but it can automatically post Feishu replies using bot credentials without clear approval or recipient limits.
Install only if you want an agent to send Feishu messages and possibly auto-reply as your Feishu bot. Before use, declare and store API keys securely, scope the Feishu app to the minimum chats and permissions, consider requiring human approval for replies, and avoid sending sensitive audio to ElevenLabs unless its privacy terms are acceptable.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could post voice or text replies into Feishu chats on the bot's behalf without a human reviewing each outgoing message.
This instructs the agent to reply to incoming Feishu messages automatically, but does not specify user confirmation, recipient allowlists, or containment controls before sending messages.
Smart Reply Mode ... Voice message received → transcribe with STT → understand → reply with voice ... Text message received → understand → reply with text
Default to manual approval for outgoing replies, or clearly restrict smart reply mode to approved chats and add rate limits and confirmation controls.
Installing or using this skill may give it practical authority to send Feishu messages and upload audio as the configured bot, even though the registry contract does not surface that credential requirement.
The skill requires a Feishu app secret and bot permissions capable of sending messages and handling files, while the registry metadata declares no required env vars, primary credential, or config paths.
Feishu app with `im:message:send_as_bot` and `im:file` permissions ... `FEISHU_APP_SECRET` | ✅ ... extract from openclaw config ... ['$HOME/.openclaw/openclaw.json']['channels']['feishu']['appSecret']
Declare the required credentials and config path in metadata, use a least-privileged Feishu app, and restrict the bot to intended chats or recipients.
Audio that may contain private conversation content is sent to ElevenLabs for processing.
The STT script uploads the selected audio file to ElevenLabs. This is expected for transcription, but it means voice-message contents leave the local/Feishu environment.
curl -sf "https://api.elevenlabs.io/v1/speech-to-text" ... -H "xi-api-key: $ELEVENLABS_API_KEY" ... -F "file=@$AUDIO_FILE"
Use this only for audio you are comfortable sending to ElevenLabs, and review ElevenLabs retention and privacy settings for the API key/account.
Users must trust separately installed tools for TTS and audio conversion.
The skill depends on external command-line tools installed outside an install spec, and the sag install instruction is not pinned to a version or source in the provided artifacts.
`sag` CLI (ElevenLabs TTS): `npm i -g sag` or `go install` ... `ffmpeg` / `ffprobe`: `brew install ffmpeg`
Install dependencies from verified sources, pin versions where possible, and add these binaries to the skill metadata or install specification.