Feishu Proactive Messenger
v1.0.1飞书主动消息发送器 — 飞书渠道只支持被动回复,agent 无法主动发起对话。本 skill 调用飞书 OpenAPI 发送文本消息,补齐主动投递能力。| Feishu Proactive Messenger — Send text messages proactively via Feishu OpenAPI,...
⭐ 1· 427·1 current·1 all-time
byZiwen Wang@ziwenwang28
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: a Python CLI that reads Feishu appId/appSecret from ~/.openclaw/openclaw.json and calls Feishu OpenAPI to send text messages. Required binary (python3) and required config path are proportional to the described functionality.
Instruction Scope
SKILL.md and the bundled script limit operations to reading ~/.openclaw/openclaw.json, optional environment variables (OPENCLAW_CHAT_ID / OPENCLAW_RECEIVE_ID / FEISHU_CHAT_ID), resolving agent bindings, obtaining a tenant token, calling Feishu bot/info and im/v1/messages, and printing a result. There are no instructions to read unrelated system files or transmit data to endpoints beyond Feishu's open.feishu.cn.
Install Mechanism
No install spec that downloads or writes code to disk; the skill is instruction-only with a bundled Python script. It requires the requests library (documented). No remote/untrusted downloads or archive extraction are present.
Credentials
The only secret material the script needs is appId/appSecret from the declared OpenClaw config path; optional env vars used are for target IDs. It does not request unrelated cloud credentials or other secret tokens.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide agent configuration. It runs on demand (user-invocable) and does not request persistent elevated privileges.
Assessment
This skill appears to be what it says: a small Python CLI that reads Feishu appId/appSecret from your local OpenClaw config and calls Feishu's official OpenAPI to send a text message. Before installing/using it: (1) verify ~/.openclaw/openclaw.json contains only the account entries you expect and limit file permissions so only your user can read it; (2) confirm the Feishu app credentials have the minimal scopes needed (send messages) and do not expose broader privileges you don't want to share; (3) ensure you trust the agent(s) that will invoke this skill because it can send outbound messages on their behalf; and (4) install the requests package in a controlled environment (virtualenv) if desired. No remote downloads or unrelated credential access were found.Like a lobster shell, security has layers — review code before you run it.
latestvk9740dmx599bvkd1tncqgs0vc581x5ne
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📨 Clawdis
Binspython3
Config~/.openclaw/openclaw.json