Feishu Voice
v1.2.0飞书语音消息发送技能。将文本转换为语音并发送到飞书,支持 TTS 生成、格式转换、语速调整、时长读取、文件上传和消息发送。
⭐ 1· 1.3k·30 current·32 all-time
byxiaofei@franklu0819-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Feishu voice/TTS → Feishu) match the included script and SKILL.md. Requested binaries (ffmpeg, ffprobe, jq) and env vars (FEISHU_APP_ID, FEISHU_APP_SECRET, COZE_API_KEY) are appropriate and necessary for TTS generation, format conversion, duration reading, and uploading to Feishu.
Instruction Scope
The SKILL.md and scripts stay within the stated workflow: call an external coze-tts script to make MP3, optionally adjust speed, convert to opus, read duration, upload to Feishu, and send the message. One notable behavior: the send_voice.sh locates and executes a separate coze-tts script by checking several workspace paths (including $HOME and /opt paths) or OPENCLAW_WORKSPACE. Executing that external script is expected for this skill but means you should trust the coze-tts implementation that will run.
Install Mechanism
This is instruction-only with a shell script; there is no download/install step that fetches remote code during installation. No suspicious remote install URLs or archive extraction are present.
Credentials
Required env vars are limited to FEISHU_APP_ID/FEISHU_APP_SECRET (for Feishu token) and COZE_API_KEY (for TTS) — these are proportionate to the described functionality. Optional multi-app vars are reasonable. No unrelated secrets or excessive credentials are requested.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system settings. It runs as a user-invocable script and may be invoked autonomously by the agent (default), which is normal for skills.
Assessment
This skill appears coherent and implements exactly what it claims: generate TTS via coze-tts, convert/measure audio, upload to Feishu, and send an audio message. Before installing or running it: 1) Verify and trust the coze-tts script that this skill will execute (it searches common workspace paths and will run whatever it finds there). Inspect that script and the workspace paths to ensure they are not malicious. 2) Provide only a Feishu app with the minimal permissions needed (im:message, send_as_bot) and avoid using high-privilege tenant credentials unnecessarily. 3) Keep COZE_API_KEY and FEISHU_* secrets in a secure place; consider testing in an isolated account/workspace first. 4) Note minor metadata/version inconsistencies across files (package.json/_meta.json/registry), which is a quality issue but not a direct security problem. If you cannot inspect the coze-tts implementation or workspace paths, treat that as a risk because arbitrary code in those scripts could run with your environment credentials.Like a lobster shell, security has layers — review code before you run it.
audiovk974pbj81a8nhynjetg8jrvw9d83k6jfchinesevk974pbj81a8nhynjetg8jrvw9d83k6jfcozevk974pbj81a8nhynjetg8jrvw9d83k6jffeishuvk974pbj81a8nhynjetg8jrvw9d83k6jflatestvk975vrwqfxe8sf0x4h5kh5w02n83rqggmessagingvk974pbj81a8nhynjetg8jrvw9d83k6jfttsvk974pbj81a8nhynjetg8jrvw9d83k6jfvoicevk974pbj81a8nhynjetg8jrvw9d83k6jf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsffmpeg, ffprobe, jq
EnvFEISHU_APP_ID, FEISHU_APP_SECRET, COZE_API_KEY