Feishu Voice Loop

ReviewAudited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it says—turn text or voice into OpenAI-generated speech and send it to Feishu—but it requires users to trust Feishu/OpenAI credentials, local CLI tools, and outbound chat delivery.

Install or use this skill only if you expect it to use your OpenAI API key, Feishu app credentials, local transcription CLI, and ffmpeg/ffprobe. Verify Feishu app scopes, recipient open_id values, and any text/audio content before sending.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

A user relying only on registry metadata may not realize the skill needs provider credentials and local media tools.

Why it was flagged

The runtime requirements are disclosed in SKILL.md, but the registry metadata lists no required env vars, credentials, binaries, or config paths, so automated requirement declarations are incomplete.

Skill content

Prerequisites:
- `OPENAI_API_KEY` is set for TTS
- Feishu app credentials exist in `~/.openclaw/openclaw.json` ...
- `ffmpeg` and `ffprobe` are installed

Recommendation

Declare OPENAI_API_KEY, Feishu credential/config requirements, ffmpeg/ffprobe, and the transcription CLI configuration in metadata.

Medium

#ASI03: Identity and Privilege Abuse

What this means

The skill can act through the configured Feishu app and consume the configured OpenAI account quota.

Why it was flagged

The script reads an OpenAI API key and Feishu app credentials to generate speech and obtain a Feishu tenant access token.

Skill content

api_key = os.getenv('OPENAI_API_KEY') ... cfg_path = Path.home() / '.openclaw' / 'openclaw.json' ... app_secret = args.app_secret or feishu.get('appSecret')

Recommendation

Use least-privilege Feishu app permissions, keep credentials out of logs and chat, and only run the script with credentials intended for this workflow.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

Running the script can post audio into Feishu chats on behalf of the configured app.

Why it was flagged

The script sends an audio message to a user-provided Feishu open_id using the Feishu tenant token.

Skill content

post_json(
            'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id',
            {
                'receive_id': args.to,
                'msg_type': 'audio'

Recommendation

Confirm the recipient open_id and synthesized text before sending, and avoid granting the Feishu app broader messaging permissions than needed.

Low

#ASI05: Unexpected Code Execution

What this means

Using the transcription feature runs a local command from configuration, so a bad local config could execute the wrong program.

Why it was flagged

For transcription, the script executes the CLI command and arguments configured in the user's local OpenClaw config.

Skill content

cmd = [model['command']] ... cmd.extend(rendered) ... subprocess.run(cmd, check=True)

Recommendation

Ensure `tools.media.audio.models[0]` points to a trusted transcription CLI and review configured arguments before use.

Medium

#ASI07: Insecure Inter-Agent Communication

What this means

Text and generated audio leave the local machine and are processed by OpenAI and Feishu.

Why it was flagged

The script sends the provided text to OpenAI for TTS and uploads the generated audio to Feishu.

Skill content

'https://api.openai.com/v1/audio/speech' ... 'input': args.text ... 'https://open.feishu.cn/open-apis/im/v1/files'

Recommendation

Do not use the skill for sensitive text or audio unless those provider data flows are acceptable for your use case.