ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Send Voice

v0.1.0

将文本转为语音并通过飞书 audio 消息发送给指定用户。用于“给用户发语音”“把这段话转语音并发飞书”“语音播报结果”等场景,尤其当普通文件发送会降级为文本时使用。仅在指定 channel=feishu 时触发。优先在需要高可达、可听播报时使用。

2· 518·5 current·5 all-time
bytangzhan_aicoding@tangc

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangc/feishu-send-voice.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu Send Voice" (tangc/feishu-send-voice) from ClawHub.
Skill page: https://clawhub.ai/tangc/feishu-send-voice
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install tangc/feishu-send-voice

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-send-voice
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The script implements exactly what the name/description promise: uses edge-tts to generate MP3, ffmpeg to convert to opus-in-ogg, obtains a Feishu tenant token, uploads the file and sends an audio message to a specified open_id. The need for ffmpeg, edge-tts and Feishu credentials is coherent with that purpose.
Instruction Scope
SKILL.md and the shell script are consistent: they instruct running the provided script which only reads the OpenClaw config (or env vars), writes temporary files, calls local binaries (edge-tts/ffmpeg/ffprobe/python3) and makes requests to official Feishu endpoints. The script does not reference other system paths or send data to unexpected external endpoints.
Install Mechanism
There is no install spec; this is instruction-only plus a shell script that relies on existing local binaries. That is the lowest install risk and consistent with the declared runtime requirements.
!
Credentials
Registry metadata lists no required config paths or credentials, but the script and SKILL.md require Feishu credentials — either via environment variables (FEISHU_APP_ID/FEISHU_APP_SECRET) or by reading ~/.openclaw/openclaw.json. This mismatch (metadata says none, runtime requires credentials/config) is an incoherence that could surprise users. Otherwise, the amount and type of secrets requested are proportional to the task.
Persistence & Privilege
The skill does not request permanent/always-on inclusion, does not modify other skills or global agent settings, and does not persist credentials beyond the normal API calls. Autonomous invocation is allowed (platform default) but not combined with other high-risk behaviors.
What to consider before installing
This skill appears to be what it claims (text→TTS→send to Feishu). Before installing or running it: 1) verify the script source/trustworthiness (source is listed as unknown); 2) note that it reads your Feishu appId/appSecret either from environment variables or from ~/.openclaw/openclaw.json — the package metadata did not declare that config dependency, so confirm you’re comfortable granting it access to that file; 3) prefer supplying FEISHU_APP_ID/FEISHU_APP_SECRET via environment variables rather than leaving credentials in shared config; 4) inspect and run the script in a controlled environment (or with minimal-permission Feishu app) to confirm behavior; and 5) ensure edge-tts and ffmpeg are installed from trusted sources. If you cannot verify the skill source or do not want the skill to read ~/.openclaw/openclaw.json, do not install/run it.

Like a lobster shell, security has layers — review code before you run it.

latestvk978hbfm4eahtx7mb2594k27zs829hv3
518downloads
2stars
1versions
Updated 14h ago
v0.1.0
MIT-0
tangzhan_aicoding@tangc
latest
Download

Feishu Voice TTS

Overview

把文本转换为语音(edge-tts),再转码为飞书可用的 Opus(OGG 容器),调用飞书开放平台“先上传文件再发 audio 消息”的标准流程发送,避免“直接发文件被降级成文本”。

Quick Start

执行脚本:

skills/feishu-voice-tts/scripts/send_feishu_voice.sh "用户你好,这是一条语音消息" "user_open_id"

参数:

  1. text(必填)要播报的文本
  2. open_id(必填,可用环境变量替代)飞书用户 open_id
  3. voice(可选)edge-tts 音色,默认 zh-CN-YunxiNeural

环境变量(可选,优先级高于配置文件):

  • FEISHU_APP_ID
  • FEISHU_APP_SECRET
  • FEISHU_OPEN_ID
  • EDGE_TTS_VOICE

Workflow

按以下顺序执行,不要跳步:

  1. 文本转语音:edge-tts 生成 mp3
  2. 转码:ffmpeg 转为 audio/ogg(opus 编码,16k 单声道)
  3. 获取 tenant token:飞书 /auth/v3/tenant_access_token/internal
  4. 上传语音文件:飞书 /im/v1/files,拿 file_key
  5. 发送 audio 消息:飞书 /im/v1/messagesmsg_type=audio + file_key

成功时脚本输出:

{"success": true, "message_id": "...", "file_key": "..."}

Requirements

  • ffmpeg 可用
  • edge-tts 可用(脚本自动尝试以下入口):
    • edge-tts
    • ~/Library/Python/3.14/bin/edge-tts
    • python3 -m edge_tts
  • 本机存在 OpenClaw 配置:~/.openclaw/openclaw.json
    • 默认读取:channels.feishu.accounts.feishu-main.appId/appSecret

Failure Handling

  • 缺少依赖:按报错安装(例如 python3 -m pip install --user edge-tts
  • 飞书 API 失败:脚本会直接输出原始 JSON 错误,按 code/msg 排查
  • 被降级成文本:确认发送的是 msg_type=audiocontent 里是上传后的 file_key

scripts/

  • scripts/send_feishu_voice.sh:完整自动化脚本(TTS + 转码 + 上传 + 发送)

Comments

Loading comments...