Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for evan966890/clawgirl.
Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ai Companion Setup" (evan966890/clawgirl) from ClawHub.
Skill page: https://clawhub.ai/evan966890/clawgirl
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: FAL_KEY
Required binaries: curl, jq, ffmpeg, ffprobe, python3, edge-tts
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.
Command Line
CLI Commands
Use the direct CLI path if you want to install manually and keep every step visible.
The declared binaries (curl, jq, ffmpeg, python3, edge-tts) and the single required env var (FAL_KEY) are consistent with image/TTS generation and HTTP API calls described. However, the SKILL.md also instructs direct Feishu API calls that require app_id/app_secret (tenant token) which are not listed in requires.env or primary credentials — this omission is an incoherence between stated requirements and actual instructions.
!
Instruction Scope
The instructions tell the agent to read and write files under ~/.openclaw/workspace-*/ and memory/, to read $HOME/.openclaw/openclaw.json as a fallback for FAL_KEY, and to bypass OpenClaw and call Feishu APIs directly using app credentials. Reading the global openclaw.json as a fallback may expose other environment values stored there. The guide also tells the agent to perform cron-style autonomous heartbeats and to run scripts that send messages, which grants the skill broad ability to read local config and push outbound network requests. The instructions are specific (good) but they enable reading arbitrary config and making external API calls — check that only expected files and secrets will be accessed.
✓
Install Mechanism
Instruction-only skill with no install spec or remote downloads. This is lower-risk from an install perspective because nothing is automatically written/executed by an installer.
!
Credentials
The registry metadata requires only FAL_KEY, which matches the fal.ai usage. But the runtime instructions require Feishu credentials (APP_ID, APP_SECRET) to fetch tenant_access_token and upload/send audio; those credentials are not declared. The skill also instructs reading openclaw.json for env fallbacks, which could expose other environment secrets stored there. The declared env list is therefore incomplete relative to what the guide needs and what it reads.
✓
Persistence & Privilege
always is false and there is no install step that modifies other skills or system-wide config. The guide describes cron heartbeats and files under ~/.openclaw workspace which are per-agent artifacts; this is expected for an agent that runs periodically.
What to consider before installing
This guide appears to be a plausible, instruction-only how-to for building a Feishu-based companion, but it has gaps and some risky behaviors you should verify before using it:
- Missing declared Feishu credentials: The scripts call Feishu APIs and require APP_ID and APP_SECRET (tenant_access_token) but the skill metadata only lists FAL_KEY. Do not run the scripts until you know where those Feishu credentials should live and you are comfortable providing them.
- Review any file-read fallbacks: The selfie script falls back to reading $HOME/.openclaw/openclaw.json for FAL_KEY. Inspect that file yourself — it may contain other environment variables or secrets. Prefer providing only the single secret the script needs (FAL_KEY) via a dedicated env var or a secrets store rather than allowing automatic fallback reads.
- Inspect and vet the scripts before running: The guide encourages bypassing OpenClaw and calling Feishu directly; ensure any hard-coded placeholders ({account}, {open_id}) are replaced safely and that you use a test bot/app with minimal permissions when developing.
- Principle of least privilege: Create a Feishu app with only the needed permissions (im:file, im:message:send_as_bot) and use a dedicated fal.ai key with limited billing controls if possible.
- File permissions and scope: The agent writes memory files under ~/.openclaw — consider limiting filesystem permissions and reviewing what will be stored (personal data). If you want less risk, run on a throwaway/test account or containerize the environment so the skill cannot read unrelated files.
If you want to proceed: ask the skill author to update requires.env to include the Feishu APP_ID/APP_SECRET (or explicitly state how to supply them) and to document exactly which files under ~/.openclaw the scripts will read. If the author cannot or will not clarify, treat the skill as suspicious and avoid providing production credentials or sensitive data.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💕 Clawdis
Binscurl, jq, ffmpeg, ffprobe, python3, edge-tts
EnvFAL_KEY
latestvk977yhktwjfvgpy68b45rz5zes8222v7
381downloads
0stars
1versions
Updated 17h ago
v1.0.0
MIT-0
AI Companion Agent 搭建指南
从零搭建一个能在飞书上主动聊天、发语音、发自拍、分享内容的 AI 陪伴 agent。基于 OpenClaw 多 agent 框架,历经实战调教沉淀。
