Feishu Group Mention Responder
v1.0.0在飞书群中,当机器人被@提及或接收到直接消息时,自动进行回复。
⭐ 0· 893·0 current·0 all-time
by@lorpha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to operate as a Feishu group mention responder and describes the permissions and Bot/App identifiers it needs (e.g., im:message:send_as_bot, im:chat:read, Bot ID/App ID). However, the skill metadata declares no required environment variables, credentials, or config paths. That mismatch is unexpected unless the platform (OpenClaw) already provides a built-in Feishu connector; the SKILL.md does not state that explicitly.
Instruction Scope
The runtime instructions are narrowly scoped to listening for messages, detecting mentions, building a reply that @-mentions the original sender, and sending it back with the platform's message tool. The instructions do warn about reply loops and permissions. They do not request access to unrelated files, system paths, or other credentials.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it has a minimal installation surface and writes nothing to disk by itself.
Credentials
Although the SKILL.md names required Feishu permissions and the need to know the bot's ID, the skill declares no environment variables or primary credential. In practice this kind of integration normally requires Feishu app credentials (app ID/secret, bot token) or platform-provided connector configuration; the omission is a proportionality/documentation gap that should be resolved before trusting the skill.
Persistence & Privilege
The skill does not request always:true, does not change other skills' configs, and is user-invocable with autonomous invocation allowed (the platform default). There is no indication it needs elevated persistent presence beyond normal runtime use.
What to consider before installing
This skill is an instruction-only Feishu mention responder and otherwise looks coherent, but it omits explicit credentials/config declarations. Before installing: confirm whether your OpenClaw environment already has a trusted Feishu connector (and where Bot ID / tokens are stored); if not, require the skill author to specify exactly which env vars or config paths are needed (for example FEISHU_APP_ID, FEISHU_APP_SECRET, BOT_ID or a platform-scoped token). Ensure the bot has only the minimal permissions (im:message:send_as_bot, im:chat:read) and implement safeguards against reply loops and mass automatic replies (rate limits, whitelist/blacklist, ignore messages from other bots). Also verify the platform's message({}) tool is restricted to sending messages to the declared chat and cannot be used to exfiltrate data to external endpoints. If you need stronger isolation, either disable autonomous invocation for this skill or require explicit user consent before it sends replies.Like a lobster shell, security has layers — review code before you run it.
latestvk97ff5cvp4ja7nfzj0dpetk9ex80y5gf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.