ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Feishu Webhook

v1.2.4

Send rich text messages to Feishu via Webhook with heredoc input support. Use when you need to send Markdown-formatted messages to Feishu channels or DMs, es...

0· 1.7k·15 current·15 all-time
by@talentestors

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for talentestors/feishu-webhook.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Feishu Webhook" (talentestors/feishu-webhook) from ClawHub.
Skill page: https://clawhub.ai/talentestors/feishu-webhook
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install talentestors/feishu-webhook

ClawHub CLI

Package manager switcher

npx clawhub@latest install feishu-webhook
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match the included script: the bundled Python script reads FEISHU_WEBHOOK_URL and FEISHU_WEBHOOK_SECRET from environment and POSTs a Feishu card payload. However the registry metadata lists no required env vars or primary credential despite the script and SKILL.md/README instructing users to set FEISHU_WEBHOOK_URL and FEISHU_WEBHOOK_SECRET. This mismatch is unexpected but functionally the capability itself is coherent.
Instruction Scope
SKILL.md instructs using heredoc input and configuring two environment variables in OpenClaw config. The runtime instructions and script only read stdin and the two env vars, and send a single HTTPS POST to the Feishu webhook host. The instructions do not ask the agent to read other files, scan system state, or exfiltrate to other endpoints.
Install Mechanism
No install spec — instruction-only with a small included Python script. Nothing is downloaded from arbitrary URLs or installed automatically, so there is low install risk.
!
Credentials
The script legitimately needs FEISHU_WEBHOOK_URL (and optionally FEISHU_WEBHOOK_SECRET) to function, but the skill metadata declares no required env vars or primary credential. Requiring secret-like env vars without declaring them in the registry is an inconsistency that could cause confusion and indicates metadata is incomplete. The secrets requested are proportionate to the stated purpose, but you should treat them as sensitive and only provide values for trusted skills.
Persistence & Privilege
Skill does not request persistent/always-on privileges (always: false). It does not modify other skills or system settings and has no install-time hooks, so persistence/privilege concerns are minimal.
What to consider before installing
This skill's code and README show it needs two env vars (FEISHU_WEBHOOK_URL and FEISHU_WEBHOOK_SECRET) even though the registry metadata didn't list them. Before installing: 1) Confirm you trust the skill source (homepage points to a GitHub repo). 2) Only populate FEISHU_WEBHOOK_URL/SECRET with non-sensitive test values first, and test sending non-confidential content. 3) Review the included scripts/send-feishu.py yourself (it is short) — it only reads stdin and the two env vars and POSTs to the Feishu host, so there is no hidden exfiltration in the repo. 4) Consider running the skill in an isolated environment if you are unsure. 5) If you plan to enable it widely, ask the maintainer to correct the registry metadata to declare the required env vars and primary credential so policy/consent UI is accurate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fb8r3g44m5r879m76w8qsqs82tnpm
1.7kdownloads
0stars
5versions
Updated 14h ago
v1.2.4
MIT-0
@talentestors
latest
Download

Feishu Webhook Skill

Send messages to Feishu via Webhook with heredoc input.

Quick Start

python3 /home/yuhiri/workspace/skills/feishu-webhook/scripts/send-feishu.py << 'EOF'
# Write your Markdown content here (avoid level 1 and 2 headings; levels 3-6 are acceptable)
- Lists
- **Bold text**
EOF

Features

  • 📝 Heredoc input
  • 📄 Markdown support (all Feishu card styles)
  • ⚙️ Environment variables from OpenClaw config

Config (OpenClaw)

Add to ~/.openclaw/openclaw.json under env.vars:

{
  "env": {
    "vars": {
      "FEISHU_WEBHOOK_URL": "https://open.feishu.cn/open-apis/bot/v2/hook/xxx",
      "FEISHU_WEBHOOK_SECRET": "your_secret"
    }
  }
}

Files

  • scripts/send-feishu.py - Main sender

Version

  • 1.2.1

Comments

Loading comments...