ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feishu-audio

将音频文件转换为飞书可播放的语音消息。先用 ffmpeg 转为 opus 格式,再上传到飞书,最后发送 audio 消息。适用于用户想要在飞书中收到可播放的语音消息的场景。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 392 · 4 current installs · 4 all-time installs
by@tianyn1990
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The script implements exactly what the name/description claim: convert audio to opus and upload/send to Feishu. However the package registry metadata lists no required environment variables or binaries, while the SKILL.md and script require FEISHU_APP_ID/FEISHU_APP_SECRET and ffmpeg/ffprobe/jq/curl — a mismatch between declared metadata and actual needs.
Instruction Scope
SKILL.md and the script stay within scope: they read a local audio file, convert it, obtain a Feishu tenant_access_token, upload the file to Feishu, and send a message. The script does not attempt to read unrelated system files or call unexpected third-party endpoints (only open.feishu.cn).
Install Mechanism
No install spec (instruction-only with a helper script) — low installation risk. SKILL.md recommends installing ffmpeg via brew but does not mention other required tools (jq, ffprobe, curl), which are used by the script and should be declared.
!
Credentials
The environment variables used (FEISHU_APP_ID and FEISHU_APP_SECRET, optional FEISHU_RECEIVER) are appropriate for interacting with Feishu. The concern is that the registry metadata does not declare any required env vars or primary credential, so the skill will in practice require and use sensitive app credentials despite metadata claiming none.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills or system-wide settings, and only writes a temporary file to /tmp. Autonomous invocation is allowed by default but is not combined with other high-risk behaviors.
What to consider before installing
This skill appears to do what it says (convert a local audio file and send it to Feishu), but exercise caution because the registry metadata omits required credentials and binaries. Before installing or running: (1) inspect the included script (scripts/send_audio.sh) — it uploads files to https://open.feishu.cn and uses FEISHU_APP_ID/FEISHU_APP_SECRET; (2) do not supply production credentials until you trust the source; create a test Feishu app with minimal permissions (im:message, im:message:send_as_bot) and use those; (3) ensure required tools are installed (ffmpeg/ffprobe, jq, curl) — SKILL.md only mentions ffmpeg; (4) run in an isolated/test environment first and rotate any keys used for testing; (5) if you plan to use this long-term, ask the publisher to correct the registry metadata to declare required env vars and binaries. These inconsistencies look like sloppy packaging rather than overtly malicious behavior, but they increase risk and warrant verification.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
audiovk970yt9x2n0fvmax8sfsyjnrys81zj24feishuvk970yt9x2n0fvmax8sfsyjnrys81zj24latestvk97bn2pa24d9rz8csycd06cbz581z2dettsvk970yt9x2n0fvmax8sfsyjnrys81zj24

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

feishu-audio

将本地音频文件转换为飞书可播放的语音消息。

适用场景

  • 用户说"朗读 xxx"、"语音播报"
  • 需要发送可播放的语音消息到飞书

前置条件

  1. ffmpeg - 音频格式转换

    brew install ffmpeg

  2. 飞书应用配置 - 需要以下环境变量:

    • FEISHU_APP_ID
    • FEISHU_APP_SECRET

  3. 接收者 - 飞书用户 Open ID(从上下文获取或手动指定)

使用方法

方式 1:使用已有音频文件

bash scripts/send_audio.sh <音频文件路径> [接收者OpenID]

方式 2:结合 TTS 使用

先生成音频,再用本技能发送:

# 1. 用 edge-tts 生成音频
edge-tts -t "你好,我是小曦" -v zh-CN-XiaoxiaoNeural --write-media /tmp/voice.mp3

# 2. 转为 opus 并发送到飞书
bash scripts/send_audio.sh /tmp/voice.mp3

脚本说明

send_audio.sh

主脚本,完整的音频消息发送流程。

参数:

  • $1 - 音频文件路径(必需)
  • $2 - 接收者 Open ID(可选,默认从环境变量 FEISHU_RECEIVER 获取)

环境变量:

  • FEISHU_APP_ID - 飞书应用 ID
  • FEISHU_APP_SECRET - 飞书应用密钥
  • FEISHU_RECEIVER - 接收者 Open ID(可选)

流程:

  1. 检查 ffmpeg 是否可用
  2. 检查音频文件是否存在
  3. 用 ffmpeg 转换为 opus 格式(飞书要求)
  4. 获取飞书 tenant_access_token
  5. 上传到飞书(file_type=opus)
  6. 发送 audio 消息

音频格式要求

飞书语音消息要求:

  • 格式: opus (OGG 容器)
  • 编码: libopus
  • 采样率: 24000 Hz
  • 声道: 单声道

故障排查

ffmpeg 未安装

brew install ffmpeg

上传失败

检查飞书应用权限:

  • im:message
  • im:message:send_as_bot

消息发送成功但无法播放

确认:

  1. 上传时使用了 file_type=opus
  2. 上传时传递了 duration 参数

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…