ClawHub

Feishu Messaging

飞书消息发送与文档创建工作流。 触发场景:查找群成员、查找群ID、发送消息失败需要重新尝试。 适用于:发送飞书消息。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
15 · 9.3k · 86 current installs · 87 all-time installs
by@jypjypjypjyp
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md demonstrates Feishu API usage (search chats, send messages, upload images/files, list members) which aligns with the stated purpose of sending Feishu messages and managing related resources. Minor mismatch: the description mentions document creation but no example for document creation is provided.
!
Instruction Scope
Instructions include runnable code that requires app_id/app_secret, opens local files (e.g., '小鸭子.jpg', mp4 files) and posts them to Feishu. The SKILL.md logs raw API responses and shows example UUID handling. These runtime actions involve reading local files and sending data to an external service and are not reflected in the declared requirements.
Install Mechanism
Instruction-only skill with no install spec or bundled code — lowest install risk. It references the lark_oapi SDK but does not attempt to install it itself.
!
Credentials
The metadata lists no required environment variables or credentials, yet every example uses YOUR_APP_ID and YOUR_APP_SECRET (app credentials) and requires Feishu bot scopes. That mismatch is inconsistent and could lead to unexpected prompts for secrets or ad-hoc credential use. The skill also reads local file paths but declares no required config paths.
Persistence & Privilege
always is false and there is no install-time behavior or claims to modify other skills or system settings. The skill does not request persistent/automatic inclusion privileges.
What to consider before installing
This skill appears to be a plain instruction guide for using the Feishu (Lark) SDK, but there are mismatches you should consider before installing or using it: - Credentials: The examples require an app_id and app_secret and bot scopes (im:message:send_as_bot, etc.), but the skill metadata declares no required credentials. That means the skill may expect you to supply secrets at runtime — only provide these for a dedicated, limited-permission Feishu app and rotate them after testing. - File access and data exfiltration: Example code opens local files and uploads them to Feishu. If you run this skill (or allow an agent to run it), ensure it won’t automatically access sensitive files. Limit the agent’s working directory and verify what will be uploaded. - Source and provenance: The skill has no homepage and unknown source. Prefer official or well-documented Feishu integrations. Ask the publisher for the origin, intended deployment model, and whether this is just documentation rather than executable instructions. - Least privilege: If you proceed, create an app with the minimum required scopes, do not reuse high-privilege org credentials, and audit activity logs in Feishu for unexpected messages/uploads. - Validation: Because the skill is instruction-only, review the actual commands the agent will run. Consider running examples in an isolated environment first. If you need help assessing what exact permissions to grant or how to sandbox the skill, provide how you plan to invoke it (interactive vs autonomous agent) and I can give concrete hardening steps.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.0.3
Download zip
latestvk9716cthgdme9rxgevq29jjn5h80m3kw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

飞书消息与文档 Skill

概述

此 Skill 通过飞书开放平台 API 帮助用户发送消息、创建文档和管理飞书资源。

核心能力

功能状态所需权限
发送文本消息✅ 可用im:message:send_as_bot
获取群聊列表✅ 可用im:chat:readonly
获取群成员✅ 可用im:chat.members:read

使用方法

发送消息给指定用户

给 [姓名] 发一条飞书消息,告诉他 [内容]

前置条件:需要获取用户的 open_id

1. 获取群聊id的方法

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    request: SearchChatRequest = SearchChatRequest.builder() \
        .user_id_type("open_id") \
        .query("小鸭子") \
        .page_size(20) \
        .build()

    # 发起请求
    response: SearchChatResponse = client.im.v1.chat.search(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.chat.search failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

2. 发送消息

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    request: CreateMessageRequest = CreateMessageRequest.builder() \
        .receive_id_type("open_id") \
        .request_body(CreateMessageRequestBody.builder()
            .receive_id("ou_7d8a6e6df7621556ce0d21922b676706ccs")
            .msg_type("text")
            .content("{\"text\":\"test content\"}")
            .uuid("选填,每次调用前请更换,如a0d69e20-1dd1-458b-k525-dfeca4015204")
            .build()) \
        .build()

    # 发起请求
    response: CreateMessageResponse = client.im.v1.message.create(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.message.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

3. 图片消息

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    file = open("小鸭子.jpg", "rb")
    request: CreateImageRequest = CreateImageRequest.builder() \
        .request_body(CreateImageRequestBody.builder()
            .image_type("message")
            .image(file)
            .build()) \
        .build()

    # 发起请求
    response: CreateImageResponse = client.im.v1.image.create(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.image.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

4. 上传文件

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    file = open("飞书20260129-173520.mp4", "rb")
    request: CreateFileRequest = CreateFileRequest.builder() \
        .request_body(CreateFileRequestBody.builder()
            .file_type("mp4")
            .file_name(""1.mp4"")
            .duration("3000")
            .file(file)
            .build()) \
        .build()

    # 发起请求
    response: CreateFileResponse = client.im.v1.file.create(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.file.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

5. 查询群成员

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    request: GetChatMembersRequest = GetChatMembersRequest.builder() \
        .chat_id("oc_dcc94d101e8d41e291e90f4623eca17a") \
        .member_id_type("user_id") \
        .build()

    # 发起请求
    response: GetChatMembersResponse = client.im.v1.chat_members.get(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.chat_members.get failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

文档

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…