ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

飞书媒体发送

飞书媒体文件发送技能。适用于:发送文件、图片、URL图片、视频、音频、语音消息,以及打包压缩后发送。当用户要求在飞书中发送任何类型的媒体文件时激活此技能。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 339 · 3 current installs · 3 all-time installs
by@godzff
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description and runtime instructions are aligned: the skill sends local files, URLs, videos, audio, and compressed archives to Feishu. However SKILL.md references ffmpeg/ffprobe for audio conversion/duration yet the skill metadata declares no required binaries. Also the README notes Feishu app permissions (im:message, im:resource) but the skill declares no credentials or environment variables — it assumes the host/agent already has Feishu authorization configured.
Instruction Scope
Instructions focus on sending media via a 'message' tool with channel=feishu and accept arbitrary filePath or media URL inputs — this is expected, but it means the skill can read and transmit any local files the agent is instructed to send. There are no guardrails or limits described beyond a generic 30MB limit. The instructions also call out ffmpeg/ffprobe usage but don't declare them as required binaries.
Install Mechanism
Instruction-only skill with no install steps and no code files; nothing is written to disk by an installer. This is the lowest-risk install mechanism.
Credentials
The skill declares no required environment variables or primary credential, which is plausible if the platform supplies Feishu credentials via the 'message' tool. Still, the SKILL.md explicitly requires Feishu app permissions and external binaries (ffmpeg/ffprobe). The lack of explicit credential requirements means you should confirm where and how Feishu auth is provided by your agent/platform before trusting it.
Persistence & Privilege
always is false, user-invocable is true, and model invocation is allowed — standard settings for a skill of this type. The skill does not request persistent or cross-skill configuration changes.
Assessment
This skill appears to do what it says (send media to Feishu) but verify three things before installing: (1) Confirm your agent/platform already provides Feishu authorization (app token/credentials) and that the required Feishu app permissions (im:message, im:resource) are scoped appropriately. (2) Install ffmpeg/ffprobe from a trusted source if you need voice conversion/duration detection — SKILL.md expects them but they are not declared in metadata. (3) Be cautious about which files you instruct the skill to send: it accepts arbitrary local file paths and URLs, so don’t ask it to send sensitive files (passwords, private keys, credential stores) unless you intentionally want them transmitted. If you need stronger safety, request the skill declare explicit binary and credential requirements or add guardrails limiting allowed file paths/types.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0
Download zip
latestvk971hb6qvyap3q5e6fan2xaw2d81x3c9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

飞书媒体发送技能

通过 message 工具向飞书发送各类媒体文件。

核心用法

所有媒体发送都通过 message 工具的 action=send,关键参数:

  • channel: feishu
  • target: chat:群IDuser:open_id(省略则回复当前会话)
  • message: 附带的文字说明(可选)
  • filePath: 本地文件路径
  • media: URL 地址(网络图片/文件)

1. 发送本地文件(PDF/DOC/XLS/PPT/TXT等)

message action=send channel=feishu filePath=/path/to/file.pdf message="文件说明"

支持格式:pdf, doc/docx, xls/xlsx, ppt/pptx, txt, csv, zip, tar.gz 等。

2. 发送本地图片

message action=send channel=feishu filePath=/path/to/image.png message="图片说明"

支持格式:jpg, jpeg, png, gif, webp, bmp。

3. 发送 URL 图片

message action=send channel=feishu media=https://example.com/image.png message="网络图片"

4. 发送视频

message action=send channel=feishu filePath=/path/to/video.mp4 message="视频说明"

视频以文件附件形式发送(飞书 msg_type: file)。支持 mp4, mov, avi。

5. 发送音频(非语音)

MP3 等音频文件作为普通文件发送:

message action=send channel=feishu filePath=/path/to/audio.mp3 message="音频文件"

6. 发送语音消息(可播放的语音条)

语音消息需要 Ogg/Opus 格式。飞书会显示为可播放的语音条。

6.1 直接发送 opus/ogg 文件

message action=send channel=feishu filePath=/path/to/voice.opus message="语音消息"

6.2 从 MP3 转换后发送

先用 ffmpeg 转换格式:

ffmpeg -i input.mp3 -ar 16000 -ac 1 -acodec libopus output.ogg -y

然后发送 output.ogg。

6.3 技术细节

语音消息的底层流程:

  1. 上传:im.file.createfile_type: "opus",需带 duration(毫秒)
  2. 发送:msg_type: "audio",content: {"file_key":"xxx","duration":3007}
  3. duration 由 ffprobe 自动获取,无需手动指定

7. 打压缩包后发送

当需要发送多个文件或不支持的格式时,先打包再发送:

7.1 打 zip 包

zip -j /tmp/archive.zip /path/to/file1 /path/to/file2

7.2 打 tar.gz 包

tar czf /tmp/archive.tar.gz -C /path/to/dir .

7.3 发送压缩包

message action=send channel=feishu filePath=/tmp/archive.zip message="打包文件"

格式支持速查表

类型格式发送方式飞书显示
图片jpg/png/gif/webpfilePath 或 media(URL)内嵌图片
文档pdf/doc/xls/pptfilePath文件卡片
视频mp4/mov/avifilePath文件卡片
音频mp3/wav/flacfilePath文件卡片
语音opus/oggfilePath可播放语音条
压缩包zip/tar.gzfilePath文件卡片
网络图片URLmedia内嵌图片

注意事项

  • 文件大小限制:默认 30MB
  • 语音必须是 Ogg/Opus 格式才能显示为语音条,其他音频格式只能作为文件发送
  • 需要 ffmpeg/ffprobe 支持语音格式转换和时长检测
  • 飞书应用需要 im:messageim:resource 权限

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…