ClawHub

Feishu Messaging 0

飞书消息发送与文档创建工作流。 触发场景:查找群成员、查找群ID、发送消息失败需要重新尝试。 适用于:发送飞书消息。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 180 · 0 current installs · 0 all-time installs
by@xq-8
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md is a Feishu (飞书) integration that builds a client with app_id and app_secret and calls the Feishu API (send message, upload files, list chat members). However the skill metadata lists no required environment variables, no primary credential, and no config paths. A Feishu messaging skill legitimately needs an app_id/app_secret (or an API token) — their absence from required env is an incoherence. Additionally, the embedded _meta.json ownerId/version differ from the registry metadata, which raises provenance questions.
Instruction Scope
The runtime instructions stay within the stated purpose: examples show how to search chats, send text/image/file messages, upload files, and list members using the lark_oapi client. They reference opening local files for upload (image, mp4) and logging raw responses; these are expected for this functionality but mean the skill will interact with local files if implemented. The examples also log raw response contents (which could include sensitive info), and they assume the caller will supply app_id/app_secret (placeholders present) even though metadata doesn't declare them.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). That is low-install risk; nothing is downloaded or written by an install step.
!
Credentials
The SKILL.md expects Feishu credentials (app_id and app_secret) but requires.env and primary credential are empty. This mismatch is disproportionate: a Feishu messaging skill should declare the credentials it needs. The examples also reference local file paths for uploads — the skill metadata does not document this requirement. Lack of declared secrets prevents secure provisioning and secret-scoping by the platform.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only; it does not declare any behavior that would modify other skills or system-wide agent settings. No persistence/privilege escalation is evident from the provided files.
What to consider before installing
This skill appears to be a straightforward Feishu API how-to, but it contains two important inconsistencies you should resolve before installing or using it: - Credentials: The code examples require Feishu app_id and app_secret (or an equivalent token) but the skill metadata declares no required environment variables or primary credential. Ask the publisher to explicitly declare which secrets the skill needs and how they should be provided (platform secret store vs. interactive input). Do NOT paste your app_secret into free-text fields. - Provenance: The embedded _meta.json ownerId/version do not match the registry metadata; confirm the author/publisher identity and that you trust that source. - Data handling: The examples read local files for uploads and log raw response bodies; consider whether you want the agent to access local files and ensure logging won't leak sensitive data. Recommended actions: 1) Ask the skill author to update metadata to list required environment variables (e.g., FEISHU_APP_ID, FEISHU_APP_SECRET) and to correct owner/version info. 2) Review and test the skill in a restricted environment with non-production credentials first. 3) Ensure any credentials are stored in the platform's secret manager (not pasted in chat), and check that logs do not capture secrets. If the author provides corrected metadata that explicitly lists the required credentials and provenance is verified, the inconsistencies would be resolved and this assessment could be revised.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97c4wvmtvm6ycpvkyss7mcrbh827t7w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

飞书消息与文档 Skill

概述

此 Skill 通过飞书开放平台 API 帮助用户发送消息、创建文档和管理飞书资源。

核心能力

功能状态所需权限
发送文本消息✅ 可用im:message:send_as_bot
获取群聊列表✅ 可用im:chat:readonly
获取群成员✅ 可用im:chat.members:read

使用方法

发送消息给指定用户

给 [姓名] 发一条飞书消息,告诉他 [内容]

前置条件:需要获取用户的 open_id

1. 获取群聊id的方法

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    request: SearchChatRequest = SearchChatRequest.builder() \
        .user_id_type("open_id") \
        .query("小鸭子") \
        .page_size(20) \
        .build()

    # 发起请求
    response: SearchChatResponse = client.im.v1.chat.search(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.chat.search failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

2. 发送消息

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    request: CreateMessageRequest = CreateMessageRequest.builder() \
        .receive_id_type("open_id") \
        .request_body(CreateMessageRequestBody.builder()
            .receive_id("ou_7d8a6e6df7621556ce0d21922b676706ccs")
            .msg_type("text")
            .content("{\"text\":\"test content\"}")
            .uuid("选填,每次调用前请更换,如a0d69e20-1dd1-458b-k525-dfeca4015204")
            .build()) \
        .build()

    # 发起请求
    response: CreateMessageResponse = client.im.v1.message.create(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.message.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

3. 图片消息

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    file = open("小鸭子.jpg", "rb")
    request: CreateImageRequest = CreateImageRequest.builder() \
        .request_body(CreateImageRequestBody.builder()
            .image_type("message")
            .image(file)
            .build()) \
        .build()

    # 发起请求
    response: CreateImageResponse = client.im.v1.image.create(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.image.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

4. 上传文件

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    file = open("飞书20260129-173520.mp4", "rb")
    request: CreateFileRequest = CreateFileRequest.builder() \
        .request_body(CreateFileRequestBody.builder()
            .file_type("mp4")
            .file_name(""1.mp4"")
            .duration("3000")
            .file(file)
            .build()) \
        .build()

    # 发起请求
    response: CreateFileResponse = client.im.v1.file.create(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.file.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

5. 查询群成员

import json

import lark_oapi as lark
from lark_oapi.api.im.v1 import *


def main():
    # 创建client
    client = lark.Client.builder() \
        .app_id("YOUR_APP_ID") \
        .app_secret("YOUR_APP_SECRET") \
        .log_level(lark.LogLevel.DEBUG) \
        .build()

    # 构造请求对象
    request: GetChatMembersRequest = GetChatMembersRequest.builder() \
        .chat_id("oc_dcc94d101e8d41e291e90f4623eca17a") \
        .member_id_type("user_id") \
        .build()

    # 发起请求
    response: GetChatMembersResponse = client.im.v1.chat_members.get(request)

    # 处理失败返回
    if not response.success():
        lark.logger.error(
            f"client.im.v1.chat_members.get failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
        return

    # 处理业务结果
    lark.logger.info(lark.JSON.marshal(response.data, indent=4))


if __name__ == "__main__":
    main()

文档

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…