ClawHub

飞书消息直接发送文件

v1.0.0

飞书消息直接发送文件附件技能。当用户需要直接通过飞书消息发送文件附件(而不是文档链接)时使用此技能。

0· 19·0 current·0 all-time
byLeo Liu@gongjieliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (directly send file attachments via Feishu) align with the declared tooling and examples: message() for sending, write() for creating files, exec() for file discovery. Nothing requested is unrelated to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read, create, list, and exec shell commands against local filesystem paths (e.g., /root/.openclaw/workspace/, /tmp, arbitrary /path/to/*). That is necessary for a file-send skill, but it also means the skill — when run — can access and transmit any file the agent process can read. The instructions do not include safeguards limiting which paths or file types may be sent.
Install Mechanism
Instruction-only skill with no install spec and no downloads. No code files or external installers are present, so nothing will be written to disk by an installer step.
Credentials
The skill does not request environment variables, credentials, or config paths. It relies on the platform-provided message tool (presumably already configured) rather than asking for unrelated secrets.
Persistence & Privilege
always:false and no requests to modify other skills or global agent configuration. The skill does not request permanent elevated presence or access to other skills' credentials.
Assessment
This skill appears coherent with its purpose, but be careful before using it on sensitive systems: it will read and send any files the agent process can access. Recommendations: (1) only run it in a controlled workspace or test environment first; (2) review and restrict the file paths you allow it to access (avoid scanning whole home/root directories); (3) avoid sending secrets or system config files; (4) confirm the target Feishu channel and its membership so attachments don't leak to unintended recipients; (5) consider adding explicit path/type filters or confirmation steps in prompts to prevent accidental bulk exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97evb6myrnpt19ms7p4ga43sd84rat2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📎 Clawdis

Comments