Lark / Feishu Skill via OpenAPI MCP servers (300+ tools)

Based on FeiShu(飞书) / Lark's OpenAPI MCP server, manage user information, chats, emails, cloud documents, multidimensional tables, tasks, calendars, etc.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 397 · 4 current installs · 4 all-time installs

byAlone@al-one

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Name/description, required env var LARK_MCP_SERVERS, and the use of mcporter/npx are consistent with calling Lark/Feishu MCP servers and enumerating/using MCP tools. Nothing required appears unrelated to the stated functionality.

ℹ

Instruction Scope

SKILL.md instructs the agent to read a workspace .env (then system env) and, if missing, prompt the user and update the .env file with MCP server URLs/tokens. It also runs npx -y mcporter to list/call MCP tools. These steps are within scope for configuring and using MCP but grant the skill the ability to read and write workspace secrets and execute an external package at runtime.

Install Mechanism

Install spec uses the npm package 'mcporter' (node kind) and recommends executing via 'npx -y mcporter'. Installing or invoking an npm package executes third-party code from the registry; this is a normal mechanism but carries moderate risk because the package's code is not included here and could perform unexpected actions.

ℹ

Credentials

The single required env var (LARK_MCP_SERVERS) is appropriate for the skill's purpose, but the workflow encourages persisting MCP tokens/URLs in a workspace .env file. Storing sensitive credentials in repository/workspace files increases exposure and should be judged carefully.

✓

Persistence & Privilege

The skill does not request always:true and does not declare system-wide privileges. The only persistence behavior in the instructions is writing/updating a workspace .env file, which is plausible for configuration but should be treated as sensitive.

What to consider before installing

This skill is coherent with its Lark/Feishu MCP purpose, but proceed cautiously. Before installing or running it: 1) Verify the reputation and source of the 'mcporter' npm package (review its npm/github code, maintainer, and recent changes). 2) Prefer invoking mcporter via npx in a disposable or sandboxed environment first so you don't install unknown packages system-wide. 3) Avoid committing sensitive MCP tokens into repository .env files — use a secrets manager or local-only env, and consider using a limited-scope test token. 4) If you need stronger assurance, ask the publisher for the mcporter source and a threat model (what the package will read/write/network to). If you can't validate the package, treat the skill as potentially risky and limit its access (run in isolated workspace or container).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97d9df8csje9hh88vq7pn7r5982d45q

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💼 Clawdis

Any binmcporter, npx

EnvLARK_MCP_SERVERS

Primary envLARK_MCP_SERVERS

Install

Install mcporter (node)

Bins: mcporter

npm i -g mcporter

SKILL.md

MCP Lark / FeiShu

Need to login to the Lark MCP Configuration Platform to add MCP services, obtain the MCP URL, and configure it into environment variables.

Lark MCP docs: https://open.larksuite.com/document/mcp_open_tools/call-feishu-mcp-server-in-remote-mode
飞书 MCP 文档: https://open.feishu.cn/document/mcp_open_tools/end-user-call-remote-mcp-server

Environment variables

Prioritize fetching from .env under the workspace, then use system environment variables. If not configured, ask the user for input and update it to .env.

# Configure multiple MCP service URLs and usage scenarios in environment variables
LARK_MCP_SERVERS='
open.larksuite.com/mcp/stream/xxx:Chats and Mails;
open.larksuite.com/mcp/stream/yyy:Cloud documents;
'

List of available tools

npx -y mcporter list 'open.larksuite.com/mcp/stream/<token>' --all-parameters

# Get the schema of the specified tool
npx -y mcporter list 'open.larksuite.com/mcp/stream/<token>' --json | jq '.tools[] | select(.name == "<tool_name>")'

Call specified tool

npx -y mcporter call 'open.larksuite.com/mcp/stream/<token>.<tool_name>' param1:"value1" foo:"bar"

References

Sent message content: references/message_create.md

About `mcporter`

To improve compatibility, use npx -y mcporter instead of mcporter when executing commands.

Files

2 total

Select a file

Select a file to preview.

Comments

Loading comments…