ClawHub

Feishu Setup Guide

v1.0.0

Complete Feishu (飞书) integration setup guide for OpenClaw. Use when setting up a new OpenClaw instance with Feishu capabilities, configuring the openclaw-lar...

0· 77·0 current·0 all-time
byDamon Liang@liangzhipengdamon-maker

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for liangzhipengdamon-maker/feishu-setup.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu Setup Guide" (liangzhipengdamon-maker/feishu-setup) from ClawHub.
Skill page: https://clawhub.ai/liangzhipengdamon-maker/feishu-setup
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install liangzhipengdamon-maker/feishu-setup

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-setup
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Feishu setup) matches the contents: step-by-step app creation, permissions, plugin installation (openclaw-lark), OpenClaw config, webhooks, and troubleshooting. Required items (appId/appSecret, webhook URL, plugin) are appropriate for this purpose.
Instruction Scope
Instructions are focused on setup and verification. They reference storing app secrets in OpenClaw config or a secret provider (file path), installing the plugin via npx, configuring tools/scopes, and verifying webhooks. Note: the guide explicitly covers enabling tools that grant access to messages, files, contacts and other sensitive data — which is expected for full integration but is sensitive and should be enabled only as needed.
Install Mechanism
This is an instruction-only skill (no install spec). It suggests using 'npx openclaw plugin install' to fetch packages from npm (namespaced @larksuite/@lark-apaas), which is consistent with installing OpenClaw plugins and not unusual. No downloads from untrusted hosts or extracted archives are present in the bundle.
Credentials
The skill does not declare required env vars and does not ask for unrelated credentials. It does instruct the user to provide Feishu App ID/Secret and optionally use a file-based secret provider (path access) — this is proportional to the task. However, the recommended tool set includes highly sensitive capabilities (reading chat history, downloading attachments, searching across chats, accessing contacts/docs/calendar). Enabling the full tool list grants broad access to user data and should be limited to only the necessary scopes/users.
Persistence & Privilege
always is false and the skill is user-invocable. There is no install script writing files in the skill bundle. The guide asks operators to configure OpenClaw and secret providers themselves; it does not request permanent platform privileges or modify other skills' configs automatically.
Assessment
This is a coherent, expected Feishu integration guide. Before proceeding: (1) only enable the specific OAuth scopes and feishu_* tools you need — many listed tools allow reading messages, files, contacts and are sensitive; (2) store appSecret in a secure secret provider (avoid committing secrets to plaintext config); (3) host the webhook endpoint on a TLS-protected, authenticated URL and validate Feishu verification tokens/encrypt keys; (4) vet the npm plugin packages you install (namespaced @larksuite/@lark-apaas are expected, but confirm package provenance and check package versions/lockfiles); (5) test with a restricted availability scope or test account before publishing to all users. If you want, provide the actual plugin package versions or your intended scope list and I can point out which permissions/tools are most risky and suggest a minimal safe configuration.

Like a lobster shell, security has layers — review code before you run it.

latestvk979x6mk15na5ehbz9tad5a7bn84s5g4
77downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Damon Liang@liangzhipengdamon-maker
latest
Download

Feishu Setup Guide for OpenClaw

End-to-end guide to configure OpenClaw with full Feishu capabilities: IM, Calendar, Docs, Bitable, Contacts, Search, and OAuth.

Architecture Overview

Feishu Cloud ←→ Feishu Bot (Webhook/Event) ←→ openclaw-lark plugin ←→ OpenClaw Gateway
  • openclaw-lark (@larksuite/openclaw-lark): Official Feishu channel plugin. Provides all feishu_* tools, skills, and OAuth flow.
  • openclaw-extension-miaoda (@lark-apaas/openclaw-extension-miaoda): Optional. Miaoda platform integration.
  • openclaw-extension-miaoda-coding (@lark-apaas/openclaw-extension-miaoda-coding): Optional. Miaoda vibe-coding extension.

Setup Checklist

Phase 1: Create Feishu App (Open Platform)

  1. Go to Feishu Open Platform → Create App
  2. Fill in App Name, Description, Icon
  3. Note down credentials: App ID (cli_xxx) and App Secret
  4. Under "Security Settings", configure Encrypt Key and Verification Token (or let platform auto-generate)

Phase 2: Configure App Capabilities

Read references/feishu-app-config.md for detailed step-by-step instructions covering:

  • Permissions & Scopes (OAuth)
  • Event Subscriptions
  • Bot capabilities
  • Card interaction

Phase 3: Install openclaw-lark Plugin

# In OpenClaw project directory
npx openclaw plugin install @larksuite/openclaw-lark

# Optional Miaoda extensions
npx openclaw plugin install @lark-apaas/openclaw-extension-miaoda
npx openclaw plugin install @lark-apaas/openclaw-extension-miaoda-coding

Phase 4: Configure OpenClaw

Read references/openclaw-config-reference.md for the complete config template with all feishu-related sections.

Key config sections:

  • channels.feishu — Channel credentials and policies
  • plugins.entries.openclaw-lark — Plugin enablement
  • tools.alsoAllow — Enable feishu tools
  • tools.deny — Disable unwanted tools
  • skills.entries.feishu-task — Task skill toggle

Quick start config patch:

openclaw config set channels.feishu.enabled true
openclaw config set channels.feishu.appId '<YOUR_APP_ID>'
openclaw config set channels.feishu.appSecret '<YOUR_APP_SECRET>'
openclaw config set channels.feishu.domain 'feishu'
openclaw config set channels.feishu.requireMention true
openclaw config set channels.feishu.dmPolicy 'allowlist'
openclaw config set channels.feishu.allowFrom '<OWNER_OPEN_ID>'
openclaw config set plugins.entries.openclaw-lark.enabled true

Phase 5: Configure Webhook / Event Subscription

  • Event subscription URL: https://<YOUR_HOST>/feishu/webhook (or as documented by openclaw-lark)
  • Subscribe to events listed in references/feishu-app-config.md

Phase 6: Restart and Verify

openclaw gateway restart
# Or in non-systemd env:
sh scripts/restart.sh

Verify:

  1. Bot appears in Feishu contacts
  2. Send a DM to bot — it should respond
  3. Check openclaw status for channel health

Tool Matrix

See references/tool-matrix.md for the complete mapping of feishu_* tools to capabilities, with enable/disable configuration.

Permission Scopes Reference

See references/permissions-reference.md for all OAuth scopes needed per feature area.

Troubleshooting

  • Bot not responding: Check webhook URL, event subscription, and openclaw status
  • OAuth failures: User needs to complete authorization flow; check scopes in Feishu Open Platform
  • Tool not found: Verify tool is in tools.alsoAllow and not in tools.deny
  • Permission denied on API call: Check Feishu app has the required scope enabled AND user has authorized

For deep diagnostics, read the feishu-troubleshooting skill if available.

Comments

Loading comments...