Feishu File Sender
v1.0.9飞书文件发送器 — 补齐飞书渠道缺失的文件投递能力,通过飞书 OpenAPI 上传并发送 agent 生成的本地文件。| Feishu File Sender — Upload & send files via Feishu OpenAPI, filling the channel's missing file...
⭐ 8· 5.7k·75 current·79 all-time
byZiwen Wang@ziwenwang28
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe uploading local files to Feishu. The script only requires python3 and the OpenClaw config (~/.openclaw/openclaw.json) to locate appId/appSecret, then calls Feishu token/upload/send APIs — all of which are necessary and proportional for the claimed functionality.
Instruction Scope
SKILL.md and the script instruct the agent to read the OpenClaw config, resolve an agent by matching cwd against workspace paths, optionally read environment variables (OPENCLAW_CHAT_ID / OPENCLAW_RECEIVE_ID / FEISHU_CHAT_ID), and then call Feishu APIs. These steps stay within the stated purpose, but the script does read optional environment variables that are not listed in the skill's top-level 'required env vars' — they are optional for receive_id resolution.
Install Mechanism
No install spec is provided (instruction-only). The README notes 'requests' is required; that is a reasonable, low-risk dependency for an HTTP client. Nothing is downloaded from arbitrary URLs nor are archives extracted.
Credentials
The skill reads appId/appSecret from ~/.openclaw/openclaw.json (declared in manifest) which is necessary to obtain a tenant token and send files. It does not request unrelated cloud credentials. However, it also optionally inspects environment variables (OPENCLAW_CHAT_ID / OPENCLAW_RECEIVE_ID / FEISHU_CHAT_ID) that are not declared as required in registry metadata — this is benign but worth noting so users know which env vars may be consulted.
Persistence & Privilege
always:false and default model-invocation behavior. The skill does not request permanent or system-wide changes and does not modify other skills. It only reads a per-user OpenClaw config file and performs network calls to Feishu, which matches its purpose.
Assessment
This skill appears to do exactly what it says: read your OpenClaw config for Feishu appId/appSecret, obtain a tenant token, upload a specified local file, and send it to a chat. Before using it, verify you trust the source and inspect ~/.openclaw/openclaw.json (it contains app secrets) and the included script. Ensure the bot/account in that config is appropriate for sending the file and avoid sending sensitive files unintentionally. Note the tool will also accept optional env vars (OPENCLAW_CHAT_ID / OPENCLAW_RECEIVE_ID / FEISHU_CHAT_ID) for resolving the receive_id even though none are listed as required in the metadata.Like a lobster shell, security has layers — review code before you run it.
latestvk97b2xs1xndx9n52s8mk055c9181tpvm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📎 Clawdis
Binspython3
Config~/.openclaw/openclaw.json