飞书群消息撤回
v1.0.0撤回飞书群消息。以用户身份撤回(recall)飞书群聊或单聊中的消息。群主/管理员可撤回任意成员消息,普通成员只能撤回自己的消息。支持单条撤回、批量撤回、按时间范围撤回。触发词:撤回消息、recall message、删除群消息、recall、撤回。
⭐ 0· 65·1 current·1 all-time
bykoen@tz826
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The described purpose (recall/delete Feishu messages) matches the runtime actions (get_messages + delete). However the SKILL.md explicitly requires a user's OAuth token and the im:message scope, but the skill metadata lists no required credentials or primaryEnv. That mismatch is unexplained and disproportionate.
Instruction Scope
Instructions stay within the stated task (single, batch, time-range deletes) and do not ask to read unrelated files or external endpoints. However they permit bulk deletion across time ranges and instruct iterating through messages to delete — a legitimate capability but with high abuse potential if misused or if admin privileges are granted broadly.
Install Mechanism
No install spec or code files are present; this is instruction-only so nothing is written to disk. Low install risk.
Credentials
The runtime text requires a user OAuth token and the im:message scope, but the skill declares no required environment variables, secrets, or primary credential. That omission is a meaningful inconsistency: deleting user messages requires sensitive credentials but none are declared.
Persistence & Privilege
always is false and there is no install or persistent configuration. The skill does not request permanent presence or modify other skills; standard autonomous invocation applies.
What to consider before installing
This skill's behavior (deleting Feishu messages) requires a user's OAuth token and the im:message permission, but the published metadata does not declare any required credentials — that's an incoherence you should not ignore. Before installing or using it: 1) confirm the skill's source and trustworthiness (there's no homepage or known owner contact); 2) require the publisher to declare which credential the agent will use (e.g., a named primaryEnv like FEISHU_OAUTH_TOKEN) and limit scope to the minimum; 3) verify whether the app would get admin privileges in group chats (admins can delete other users' messages) and avoid granting such rights unless necessary; 4) ask how rate/volume and time-range deletes are constrained to prevent accidental or malicious mass-deletion; 5) prefer using a vetted official integration or a skill that clearly documents required tokens and permission handling. If the publisher cannot justify the missing credential declarations and provenance, treat the skill as risky and avoid installation.Like a lobster shell, security has layers — review code before you run it.
latest
飞书群消息撤回
使用 feishu_im_user_message 工具的 delete action 以用户身份撤回消息。
前置条件
- 已完成飞书用户 OAuth 授权(撤回操作需要用户身份)
- 应用已开通
im:messagescope - 群主/管理员可撤回群内任意消息;普通成员只能撤回自己的消息
撤回单条消息
feishu_im_user_message(action="delete", message_id="om_xxx")
可选参数 need_notification:设为 true 则群内显示"xxx 撤回了一条消息"通知。默认 false(静默撤回)。
撤回引用的消息
当用户引用某条消息说"撤回"时,从引用上下文获取 message_id,直接调用 delete。
批量撤回
- 用
feishu_im_user_get_messages获取目标消息列表(支持start_time/end_time时间范围过滤,chat_id指定群) - 过滤掉
deleted: true的消息 - 逐条调用
feishu_im_user_message(action="delete", message_id="om_xxx") - 汇报结果:成功数 / 失败数
按时间范围撤回
# 获取指定时间范围的消息
feishu_im_user_get_messages(
chat_id="oc_xxx",
start_time="2026-03-27T00:00:00+08:00",
end_time="2026-03-27T23:59:59+08:00",
page_size=50
)
# 逐条撤回未删除的消息
for msg in messages:
if not msg.deleted:
feishu_im_user_message(action="delete", message_id=msg.message_id)
注意:单次 get_messages 最多返回 50 条。如消息量大,需分页(用 page_token)。
注意事项
- 飞书限制:不支持撤回发出时间超过 1 天的消息
- 已删除的消息返回
deleted: true,跳过即可 - 撤回机器人消息也可用
message系统工具的deleteaction(无需用户授权) - 撤回用户消息必须用
feishu_im_user_message的delete(需要用户 OAuth token)
Comments
Loading comments...