ClawHub

飞书多机器人多Agent配置

v1.0.0

OpenClaw 多飞书机器人 + 多 Agent 配置指南:一个 Gateway 实例运行多个飞书机器人,每个机器人绑定不同 Agent,实现独立工作空间、独立会话、独立人格。

0· 102·0 current·0 all-time
by@qushengswaych
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (multi-Feishu bots → multi-Agents) matches the SKILL.md content: creating per-Agent workspaces, adding accounts and agent entries, and binding routes. No unrelated services, binaries, or credentials are requested.
Instruction Scope
Instructions stay within the scope of configuring OpenClaw and Feishu bindings. Notable actionable items: editing ~/.openclaw/openclaw.json to add appId/appSecret and bindings; creating per-Agent workspace files; optionally setting dmPolicy: "open" and allowFrom: ["*"] to bypass pairing. The latter reduces access controls and is a security decision the operator must consciously make. There are minor path inconsistencies in examples (mixing ~ and /root) which could cause misconfiguration.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written or downloaded by the skill itself. Low install risk.
Credentials
The skill requests no environment variables and no special permissions, which is proportional. However, it explicitly instructs placing appId/appSecret in the openclaw.json configuration file (plaintext). This is expected for a connector but is security-sensitive — the guide advises setting file permissions (chmod 600), which is appropriate. Consider using a secrets manager if available.
Persistence & Privilege
Skill flags are default: always:false and agent-invocation allowed (normal). The guide does not request persistent platform-wide privileges or modifications to other skills' configs.
Assessment
This guide appears to do what it says (map multiple Feishu robot accounts to multiple Agents). Before applying it: 1) Review and restrict where appId/appSecret are stored — the guide stores them in openclaw.json (plaintext); use file permissions (chmod 600) or a secrets manager if possible. 2) Avoid enabling dmPolicy: "open" and allowFrom: ["*"] in production unless you understand the exposure — that bypasses pairing and allows unsolicited DM access. 3) Check path examples (mix of ~ and /root) and adjust to your deployment user to avoid permission problems. 4) Ensure each agentDir/workspace is unique as noted to avoid auth/session corruption. 5) Test changes in a staging environment first and monitor logs after restart. If you need stronger isolation for secrets, consider putting credentials into a restricted config store or environment-specific secret mechanism rather than global JSON files.

Like a lobster shell, security has layers — review code before you run it.

latestvk972f3nprnpqg2jx6n8x5mzrdn83jzcg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments