ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Bot

v1.0.0

Feishu (Lark) Bot integration for messaging, group management, and approval workflows. Send messages, manage groups, handle approvals, and automate notificat...

0· 115·0 current·0 all-time
by@jason-aka-chen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jason-aka-chen/feishu-bot-chen.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu Bot" (jason-aka-chen/feishu-bot-chen) from ClawHub.
Skill page: https://clawhub.ai/jason-aka-chen/feishu-bot-chen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install feishu-bot-chen

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-bot-chen
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and feishu_bot.py both implement expected Feishu bot capabilities (messaging, group mgmt, approvals) and call the Feishu Open Platform endpoints. This capability matches the name/description. However, the registry metadata declares no required environment variables or primary credential even though the instructions and code require FEISHU_APP_ID and FEISHU_APP_SECRET.
Instruction Scope
The runtime instructions are scoped to Feishu API interactions: sending messages, uploading images, group and approval APIs. They instruct setting FEISHU_APP_ID/FEISHU_APP_SECRET and using the provided methods. The SKILL.md does not instruct reading unrelated system files or transmitting data to unexpected external endpoints.
Install Mechanism
There is no install spec (instruction-only plus a Python source file). This reduces install risk. However, the code imports the third-party 'requests' library but the skill does not declare dependencies; the runtime may fail or implicitly rely on a network-visible package being present in the environment.
!
Credentials
The SKILL.md and code expect FEISHU_APP_ID and FEISHU_APP_SECRET (sensitive credentials) which are appropriate for a Feishu integration. But the package metadata lists no required env vars or primary credential; that mismatch is concerning because the platform may not surface the credential requirement to you, and the skill will still attempt to read those env vars at runtime. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or system config, and does not request elevated persistence. It runs as a normal, user-invocable skill.
What to consider before installing
This skill appears to be a straightforward Feishu (Lark) bot implementation, but there are a few things to check before installing: - The SKILL.md and the Python code require FEISHU_APP_ID and FEISHU_APP_SECRET (sensitive API credentials). The registry metadata did not declare those env vars — confirm the owner will prompt for/provide these securely before enabling the skill. - The code imports the 'requests' library but no dependency list or install steps are included. Ensure your environment will provide the required Python packages or that you trust the skill won't attempt to pull/install dependencies from untrusted sources. - Review the code yourself (or ask the publisher) to ensure the FEISHU_APP_ID/SECRET are used only for legitimate Feishu API calls and not forwarded elsewhere. The current code only calls open.feishu.cn endpoints and a user-supplied webhook URL, but always verify the source of the skill and the maintainer's reputation. - Be cautious if you plan to use upload_image or file-related methods: they will read local files (you must pass a path), so avoid passing sensitive local files. If you don't trust the publisher or cannot verify how credentials are handled, do not install or provide credentials. If you proceed, supply credentials with least privilege possible (Feishu app scoped to only the permissions you need) and monitor token usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk973a1520wd0b88khtkke1rgas83dz5f
115downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@jason-aka-chen
latest
Download

Feishu Bot

Complete Feishu/Lark bot integration for AI agents.

Features

1. Messaging

  • Send text, rich text, and card messages
  • Send to users, groups, or via webhook
  • Reply to messages
  • Upload and send files/images

2. Group Management

  • Create groups
  • Add/remove members
  • Update group info
  • Bot group management

3. Approval Workflows

  • Create approval instances
  • Query approval status
  • Cancel approvals
  • Approval notifications

Prerequisites

  1. Create a Feishu App at https://open.feishu.cn/app
  2. Get App ID and App Secret
  3. Configure permissions:
    • im:message - Send messages
    • im:message:send_as_bot - Send as bot
    • contact:user.base:readonly - Read user info
    • im:chat - Manage groups
    • approval:approval - Approval workflows

Configuration

Set environment variables:

export FEISHU_APP_ID="cli_xxx"
export FEISHU_APP_SECRET="xxx"

Or configure in OpenClaw settings.

Usage

Send Text Message

from feishu_bot import FeishuBot

bot = FeishuBot()

# Send to user
bot.send_text("user_id", "Hello from bot!")

# Send to group
bot.send_text("chat_id", "Group message", is_chat=True)

Send Card Message

card = {
    "type": "template",
    "data": {
        "template_id": "xxx",
        "template_variable": {"title": "Notification"}
    }
}
bot.send_card("chat_id", card)

Create Group

group = bot.create_group(
    name="Project Team",
    user_ids=["ou_xxx", "ou_yyy"]
)
print(group["chat_id"])

Approval Workflow

# Create approval
approval = bot.create_approval(
    approval_code="xxx",
    user_id="ou_xxx",
    form={"field1": "value1"}
)

# Query status
status = bot.get_approval_instance(approval["instance_id"])

API Reference

MethodDescription
send_text(target, text, is_chat=False)Send text message
send_card(target, card, is_chat=False)Send card message
send_image(target, image_key, is_chat=False)Send image
send_file(target, file_key, is_chat=False)Send file
create_group(name, user_ids)Create group
add_group_members(chat_id, user_ids)Add members
remove_group_members(chat_id, user_ids)Remove members
create_approval(approval_code, user_id, form)Create approval
get_approval_instance(instance_id)Get approval status

Error Handling

Common errors:

  • 99991663: Token expired - refresh tenant token
  • 99991664: Permission denied - check app permissions
  • 99991661: User not found - verify user_id

Links

Comments

Loading comments...