Feishu Image Sender 飞书发图指南

Feishu IM messaging operations: send messages, images, files to users and groups via Bot API. Activate when user mentions: 飞书发图、发送图片、飞书消息、im:resource、image_k...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 349 · 0 current installs · 0 all-time installs

byjiao yang@InuyashaYang

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

Skill name/description (Feishu image/file sending) matches the instructions (use the platform 'message' tool, two-step upload via /im/v1/images then /im/v1/messages). However the SKILL.md instructs using absolute local file paths (filePath="/absolute/path/to/image.jpg"), which implies the agent will need read access to user files; the registry metadata lists no required config paths. This is explainable (sending an image legitimately requires reading the image file) but is a small mismatch between declared metadata and the runtime behavior described.

✓

Instruction Scope

Instructions are narrowly scoped to Feishu IM operations: call the message tool, upload images via the upload API, and then send messages with image_key. The guide documents failure modes, error codes, and distinguishes webhook bots vs Bot App. It does not instruct the agent to read unrelated system files, exfiltrate data, or contact endpoints outside Feishu APIs (aside from referencing official docs).

✓

Install Mechanism

No install spec or code files — instruction-only. No downloads or third-party packages are proposed, so there is no install-time risk.

✓

Credentials

The skill declares no required environment variables or credentials; it relies on the platform's Feishu channel having im:resource, im:message, and im:message:send_as_bot scopes. The SKILL.md mentions tenant_access_token lifecycle (TTL ~2h) and that OpenClaw refreshes tokens automatically; requesting those Feishu scopes is appropriate for the described functionality. No unrelated secrets are requested.

✓

Persistence & Privilege

Skill is not always-enabled and has no install-time persistence. It does not request modification of other skills or system-wide settings. Autonomous invocation is allowed by platform default but is not combined with other suspicious privileges.

Assessment

This skill appears to do what it says: help send images through a Feishu Bot App. Before installing, confirm that your OpenClaw Feishu channel is configured as a Bot App (has im:resource, im:message, im:message:send_as_bot) rather than a webhook. Be aware that the skill's recommended usage expects the agent to read local image file paths you provide (absolute filePath), so avoid sending sensitive images you would not want the agent or the configured bot to access. Finally, if you operate across multiple Feishu tenants, note image_key is tenant-bound and token expiry can cause intermittent failures — verify app_id/app_secret are correct in your channel configuration.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk971ccwsft3k5qzan7az6y1fwh824e6w

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Feishu IM Tool

Use the message tool with channel=feishu for all IM operations.

Send Text Message

message(action=send, channel=feishu, target=<user_id or chat_id>, message="text")

Send Image (CORRECT method)

Always use filePath or media, never paste a raw path in message text.

message(action=send, channel=feishu, target=<chat_id>, filePath="/absolute/path/to/image.jpg")

Or with caption:

message(action=send, channel=feishu, target=<chat_id>, media="/path/to/image.jpg", message="caption text")

The tool handles the two-step upload internally:

POST /im/v1/images → get image_key
POST /im/v1/messages with image_key

Common Failure Modes — Images Show as Path/Link

See references/image-sending-pitfalls.md for full diagnosis.

TL;DR root causes:

Assistant wrote raw file path in message text instead of calling message tool → plain text, no upload
Used MEDIA:/absolute/path → security filter strips it
image_type wrong during upload (must be message, not avatar)
tenant_access_token expired (TTL ~2h) → upload silently fails, key is empty
Webhook custom bot used instead of Bot App → no access_token, can't upload images

Permissions Required

Scope	Purpose
`im:resource`	Upload image/file to IM, get file_key / image_key
`im:message`	Send messages with media
`im:message:send_as_bot`	Send as bot identity

All three are currently granted on this installation.

Bot Type Comparison

Feature	Webhook Custom Bot	Bot App (自建应用)
Send text	✅	✅
Send image	⚠️ base64 only (不推荐)	✅ via image_key
access_token	❌ 无	✅ tenant_access_token
Upload API	❌ 不支持	✅ /im/v1/images

OpenClaw uses Bot App — always use the message tool, not raw Webhook POST.

Token Refresh

tenant_access_token expires in ~2 hours. If uploads silently fail:

Error code 99991663 = image_key invalid
Error code 99991400 = token expired

OpenClaw refreshes tokens automatically on each API call. If you see these errors, check Gateway logs.

References

references/image-sending-pitfalls.md — detailed failure mode diagnosis
Feishu API docs: https://open.feishu.cn/document/server-docs/im-v1/image/create

Files

2 total

Select a file

Select a file to preview.

Comments

Loading comments…