ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Voice (ElevenLabs)

v1.1.0

Send and receive voice messages on Feishu (Lark) using ElevenLabs TTS and STT. Activate when user asks to send a voice message on Feishu, or when receiving a...

0· 471·0 current·0 all-time
byDongDong@dongdongbear

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dongdongbear/feishu-voice-elevenlabs.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu Voice (ElevenLabs)" (dongdongbear/feishu-voice-elevenlabs) from ClawHub.
Skill page: https://clawhub.ai/dongdongbear/feishu-voice-elevenlabs
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install dongdongbear/feishu-voice-elevenlabs

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-voice-elevenlabs
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and included scripts clearly require ElevenLabs and Feishu credentials (ELEVENLABS_API_KEY, FEISHU_APP_ID, FEISHU_APP_SECRET, ELEVENLABS_VOICE_ID, ELEVENLABS_MODEL_ID). However registry metadata reported "Required env vars: none" and "Primary credential: none", which is inconsistent with the files. The requested env vars are appropriate for the declared purpose, but the metadata mismatch is misleading and should be corrected.
Instruction Scope
Runtime instructions and scripts perform exactly the expected actions: call ElevenLabs TTS/STT, convert audio with ffmpeg, obtain tenant_access_token from Feishu API, upload and send audio. SKILL.md also recommends installing 'sag' and ffmpeg. One instruction suggests extracting FEISHU_APP_ID / FEISHU_APP_SECRET from $HOME/.openclaw/openclaw.json; the scripts themselves do not automatically read that file but the doc gives a snippet to export these values — this reads local OpenClaw config and is functionally relevant but worth flagging because it touches a local config file that may contain other secrets if misused.
Install Mechanism
The skill is instruction-only with small helper scripts; there is no install spec. It depends on external CLI binaries (sag, ffmpeg/ffprobe). That is reasonable for a script-based integration, but users should confirm the provenance of 'sag' (npm or go install) before installing from package registries.
!
Credentials
The required environment variables (ElevenLabs API key, ElevenLabs voice/model IDs, Feishu app ID/secret) are proportionate to the feature. Concern arises because the public metadata did not declare these required secrets, and because the README suggests extracting FEISHU_APP_ID/FEISHU_APP_SECRET from ~/.openclaw/openclaw.json — accessing a local agent config can expose credentials if the file contains other tokens or if the extraction is run blindly. The scripts themselves only use the specific Feishu fields, but the guidance to programmatically read local config increases risk if run without inspection.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or system-wide settings, and contains only runtime scripts. Autonomous invocation remains enabled by default (platform standard) but does not combine with other high privileges here.
What to consider before installing
This skill appears to implement the claimed Feishu TTS/STT functionality, but note two issues before installing: (1) The registry metadata claims no required env vars while SKILL.md and the scripts require multiple secrets (ElevenLabs API key and Feishu app credentials). Don't trust the metadata alone — verify and supply only the minimum credentials. (2) SKILL.md suggests extracting FEISHU_APP_ID/FEISHU_APP_SECRET from $HOME/.openclaw/openclaw.json; inspect that file manually to ensure it contains only the expected Feishu fields and no other sensitive tokens before running the provided extraction snippet. Additional precautions: verify the origin of the 'sag' CLI before installing (npm/go), run the scripts in a restricted environment or container if possible, and consider creating Feishu credentials with limited scope/permissions for this integration.

Like a lobster shell, security has layers — review code before you run it.

latestvk973jza2k0ygg4xezvd5jdxs0h82458a
471downloads
0stars
2versions
Updated 16h ago
v1.1.0
MIT-0
DongDong@dongdongbear
latest
Download

Feishu Voice (TTS + STT)

Send voice messages and transcribe received voice messages on Feishu using ElevenLabs.

Prerequisites

  • sag CLI (ElevenLabs TTS): npm i -g sag or go install
  • ffmpeg / ffprobe: brew install ffmpeg
  • ElevenLabs paid plan (required for library voices)
  • Feishu app with im:message:send_as_bot and im:file permissions

Environment Variables

VariableRequiredDescription
ELEVENLABS_API_KEYElevenLabs API key
FEISHU_APP_ID✅ (TTS)Feishu app ID
FEISHU_APP_SECRET✅ (TTS)Feishu app secret
ELEVENLABS_VOICE_ID✅ (TTS)Voice ID (browse at elevenlabs.io/voice-library)
ELEVENLABS_MODEL_ID✅ (TTS)Model ID (e.g. eleven_multilingual_v2, eleven_v3)
ELEVENLABS_SPEEDSpeech speed 0.5-2.0 (default: 1.0)

If FEISHU_APP_ID / FEISHU_APP_SECRET are not in env, extract from openclaw config:

export FEISHU_APP_ID=$(python3 -c "import json; print(json.load(open('$HOME/.openclaw/openclaw.json'))['channels']['feishu']['appId'])")
export FEISHU_APP_SECRET=$(python3 -c "import json; print(json.load(open('$HOME/.openclaw/openclaw.json'))['channels']['feishu']['appSecret'])")

Voice Selection

See config/voice-config.example.json for a curated voice list. Browse all voices at https://elevenlabs.io/voice-library or run sag voices.

Recommended models:

  • eleven_multilingual_v2 — best for Chinese and multilingual content
  • eleven_v3 — latest English-optimized model

Sending Voice Messages (TTS)

scripts/feishu-voice-send.sh <text> <receive_id> [receive_id_type] [speed]
  • receive_id: target user open_id or chat_id
  • receive_id_type: open_id (default) or chat_id
  • speed: speech speed multiplier, 0.5-2.0 (default: 1.0)

Receiving Voice Messages (STT)

When OpenClaw delivers a Feishu voice message, it arrives as a media attachment (.ogg file). Transcribe with:

scripts/feishu-voice-stt.sh /path/to/audio.ogg

Returns recognized text to stdout. Uses ElevenLabs scribe_v1 model with automatic language detection.

Fallback: Download via Feishu API

If the audio file is not delivered as an attachment (only file_key available):

  1. List recent messages: GET /im/v1/messages?container_id_type=chat&container_id=CHAT_ID&page_size=5&sort_type=ByCreateTimeDesc
  2. Download audio: GET /im/v1/messages/{message_id}/resources/{file_key}?type=file
  3. Run STT script on the downloaded file

Smart Reply Mode

When receiving messages, follow this pattern for natural conversation:

  • Voice message received → transcribe with STT → understand → reply with voice (TTS)
  • Text message received → understand → reply with text
  • Override: user can request voice/text reply explicitly

Important Notes

  • Feishu msg_type must be "audio" — not "media" or "file"
  • OpenClaw's message tool asVoice does not work correctly for Feishu — use this script instead
  • STT uses ElevenLabs scribe_v1 model, supports Chinese, English, and 90+ languages
  • For free ElevenLabs accounts, only premade voices work; library voices require a paid plan

Comments

Loading comments...