feishu-send-file

飞书发送文件技能。用于通过飞书向用户发送普通文件附件（HTML、ZIP、PDF、代码文件等）以及处理“本地图片路径被发成路径文本”的可靠补救场景。普通文件必须先上传获取 `file_key` 再发送；当本地图片用 `message`/`media` 发送后在飞书里只显示 `/root/...png` 路径而不显示...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 3 · 972 · 22 current installs · 25 all-time installs

by@dadaniya99

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description, SKILL.md, and the two included Python scripts consistently implement uploading files/images to Feishu (im/v1/files and im/v1/images) and sending them. The scripts use Feishu/Lark endpoints only and require app_id/app_secret which are appropriate for this capability.

ℹ

Instruction Scope

SKILL.md instructs users/agents to read credentials from /root/.openclaw/openclaw.json (via a grep example) and shows an exec() usage example that interpolates variables into a shell command. Reading the OpenClaw config to obtain app_id/app_secret is coherent with the task, but the exec example demonstrates potentially unsafe string interpolation (shell injection / accidental credential exposure) and encourages accessing a local config file which may contain other sensitive data.

✓

Install Mechanism

No install spec — instruction-only with included scripts. The scripts call curl via subprocess/urllib to communicate with Feishu; no external downloads, no archive extraction, and no non-standard installs are present.

ℹ

Credentials

The skill does not declare required env vars but legitimately needs app_id and app_secret to obtain tenant tokens; SKILL.md suggests obtaining them from the OpenClaw config. Requesting those credentials is proportional to the described functionality, but users should be aware the skill assumes access to /root/.openclaw/openclaw.json (local config) which may contain other sensitive settings.

✓

Persistence & Privilege

always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide configuration.

Assessment

This skill appears to do exactly what it says: upload files/images to Feishu and send them. Before installing or running it, consider: (1) The scripts require your Feishu app_id and app_secret — only provide credentials for an app with minimal permissions. (2) SKILL.md suggests reading /root/.openclaw/openclaw.json to fetch credentials; verify that file contains only expected keys and that you are comfortable the skill (or agent) can read it. (3) Avoid copying the raw exec() example into a service that interpolates untrusted values — it can lead to shell injection or accidental credential leakage; prefer passing arguments safely to the scripts. (4) Review and run the included scripts in a controlled environment (non-root, limited network) if you have concerns. If you want stronger assurance, ask the skill author to accept credentials via environment variables or secured input rather than instructing agents to grep local config files.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.2.1

Download zip

latestvk9776a5y1n6ptbpnh7r4nqvhms82ygwz

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

飞书发送文件

飞书机器人发送普通文件（非图片/视频）需要两步：先上传文件获取 file_key，再用 file_key 发消息。

如果本地图片通过常规 message / media 路径发送后，用户在飞书里看到的是 /root/...png 路径文本而不是图片本体，不要继续重试同一种方式；直接改走本技能的稳定图片上传脚本。

快速流程

方式一：用脚本（推荐）

python3 scripts/send_file.py <file_path> <open_id> <app_id> <app_secret> [file_name]

参数说明：

file_path: 要发送的文件路径（HTML/PDF/ZIP/代码文件等）
open_id: 接收者的 open_id（从 inbound_meta 的 chat_id 字段获取，格式为 user:ou_xxx，取 ou_xxx 部分）
app_id: 飞书应用 ID（从 openclaw.json 的 channels.feishu.appId 读取）
app_secret: 飞书应用密钥（从 openclaw.json 的 channels.feishu.appSecret 读取）
file_name: 可选，自定义文件名（不填则用原文件名）

快速获取配置：

# 获取 app_id 和 app_secret
grep -A 2 '"feishu"' /root/.openclaw/openclaw.json | grep -E '(appId|appSecret)'

完整示例：

python3 /root/.openclaw/workspace/skills/feishu-send-file/scripts/send_file.py \
  /root/myfiles/report.html \
  <USER_OPEN_ID> \
  <YOUR_APP_ID> \
  <YOUR_APP_SECRET> \
  report.html

AI 助手使用示例：

# 当需要发送文件给用户时，直接调用脚本
exec(f"""
python3 /root/.openclaw/workspace/skills/feishu-send-file/scripts/send_file.py \\
  {file_path} \\
  {user_open_id} \\
  {app_id} \\
  {app_secret} \\
  {custom_filename}
""")

方式二：手动两步

Step 1 - 上传文件：

TOKEN=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
  -H "Content-Type: application/json" \
  -d '{"app_id":"<APP_ID>","app_secret":"<APP_SECRET>"}' | python3 -c "import json,sys; print(json.load(sys.stdin)['tenant_access_token'])")

FILE_KEY=$(curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/files" \
  -H "Authorization: Bearer $TOKEN" \
  -F "file_type=stream" \
  -F "file_name=<文件名>" \
  -F "file=@<文件路径>" | python3 -c "import json,sys; print(json.load(sys.stdin)['data']['file_key'])")

Step 2 - 发送消息：

curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"<OPEN_ID>\",\"msg_type\":\"file\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}"

稳定发送图片（2026-03-15 补充）

什么时候不要再硬用 `message` + `media`

如果你把本地图片路径（尤其是 /root/myfiles/...）传给飞书消息链路后，用户在飞书里看到的是：

📎 /root/myfiles/xxx.png
或纯本地路径文本

那就说明这次没有真正发成图片。不要继续重试同一种参数组合。

原因（真实世界版）

飞书真正的图片消息不是“把本地路径塞给消息发送器”
正路是：先上传到 im/v1/images，拿到 image_key，再发送 msg_type=image
OpenClaw / Feishu 插件在某些本地路径场景下（特别是 /root/myfiles/...）可能无法走通本地媒体上传链路，随后自动降级成把路径文本发出去
所以：messageId 返回成功 不等于 用户真的看到了图片

成功标准

只有一个成功标准：用户在飞书里实际看到图片本体。

如果回显的是路径文本，就视为失败。

这和普通文件的区别

普通文件：im/v1/files -> file_key -> msg_type=file
图片：im/v1/images -> image_key -> msg_type=image

这两条链路不要混用。

注意事项

普通文件：必须走本技能的两步流程，直接用 filePath 参数只会显示路径
图片：理论上 message tool 的 media 参数可以工作；但如果用户看到的是路径文本而不是图片本体，立刻改用 scripts/send_image.py
不要把 /root/myfiles/... 本地路径回显误判为发送成功
receive_id_type=open_id 对应个人用户；群聊用 chat_id 并替换类型
飞书 file_type 用 stream 适用于所有普通文件类型

Files

4 total

Select a file

Select a file to preview.

Comments

Loading comments…