Feishu Webhook Skill
v1.0.0Must Use this skill to send Feishu(飞书/Lark) webhook msgs. Supports plain text, rich text (post), and interactive card messages. Handles image upload via tena...
⭐ 0· 100·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the actual files and instructions: SKILL.md documents sending text/post/card webhook messages and image upload; scripts/upload_image.py implements uploading images to open.feishu.cn using a tenant_access_token. No unrelated credentials, binaries, or endpoints are requested.
Instruction Scope
Runtime instructions stay on-purpose: they ask the agent to confirm a webhook URL, construct message JSON, optionally upload images (via the included script), send via Feishu webhook, and verify results. The SKILL.md does not instruct reading unrelated files or exfiltrating data to third-party endpoints.
Install Mechanism
This is instruction-only (no install spec), so nothing is automatically downloaded. However, the included Python script uses external packages (requests, requests_toolbelt) but the skill metadata does not declare dependencies or an install step — an operational omission rather than a malicious action. Ensure those Python packages are available before using the script.
Credentials
SKILL.md requires FEISHU_TENANT_ACCESS_TOKEN (used by upload_image.py) and the user's Feishu webhook URL — both are appropriate for the stated purpose. Registry metadata, however, lists no required env vars; that mismatch is an inconsistency you should note. No other secrets or unrelated env vars are requested.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system settings, and does not request elevated privileges. Autonomous invocation remains enabled by default (normal behavior).
Assessment
This skill is internally consistent with its stated purpose: it sends Feishu/Lark webhook messages and uploads images to the official open.feishu.cn API. Before installing/use, confirm these points: 1) You will need to provide a FEISHU_TENANT_ACCESS_TOKEN (or pass it to the upload script via --token) and a valid Feishu webhook URL — do not share these tokens publicly. 2) The package metadata did not declare Python dependencies; ensure the environment has requests and requests_toolbelt installed to run scripts/upload_image.py. 3) The skill posts only to open.feishu.cn (the official API) — if you require stricter scope, prefer a token with minimal privileges or use a bot/webhook token scoped to the target chat. 4) The registry metadata omitted required env var info; ask the publisher to update metadata to list required env vars and dependencies. If you need the skill to run autonomously, consider the usual operational risk of granting any skill access to a tenant-wide token — rotate the token if it is ever shared or no longer needed.Like a lobster shell, security has layers — review code before you run it.
latestvk9754cgnvnbr57vs6fvktvj75d84gbg2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.