ClawHub

Lark Toolkit

v1.0.0

Comprehensive Lark/Feishu API skill for OpenClaw agents. Covers all Lark operations via three access paths: claw-lark plugin (message tool), MCP tools (mcpor...

0· 1k·4 current·5 all-time
by@pengxiao-wang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for pengxiao-wang/lark-toolkit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Lark Toolkit" (pengxiao-wang/lark-toolkit) from ClawHub.
Skill page: https://clawhub.ai/pengxiao-wang/lark-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install pengxiao-wang/lark-toolkit

ClawHub CLI

Package manager switcher

npx clawhub@latest install lark-toolkit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the provided files: comprehensive Lark/Feishu docs, MCP tool catalog, and curl examples. The included helper script (get_token.sh) and references to claw-lark/MCP/direct API are appropriate for a Lark API toolkit.
Instruction Scope
SKILL.md is largely documentation and examples of curl/mcporter usage. One inconsistency: the top-level README says "documentation-only" and "no executable code that accesses credentials automatically," but the repository contains scripts/get_token.sh which will read env vars and (as a fallback) ~/.openclaw/openclaw.json and perform a network call to fetch a tenant_access_token. That helper behavior is expected for this purpose but is a functional script (not pure prose). The instructions reference shell utilities (curl, python3, lsof, kill) for troubleshooting — expected for webhook/debug guidance but assume standard CLI tools are present.
Install Mechanism
No install spec is present; this is instruction-only plus a small helper script. Nothing is downloaded or installed by the skill itself, so there is no install-time code-pull risk.
Credentials
The skill does not declare required env vars in registry metadata, but the documentation and get_token.sh legitimately require LARK_APP_ID and LARK_APP_SECRET (and will optionally use OPENCLAW_CONFIG or ~/.openclaw/openclaw.json). These credentials are proportional and necessary for Lark API calls. Minor caution: the helper prints the config file path when it falls back to the config file and will export LARK_TOKEN into the shell session; users should be aware of this behavior.
Persistence & Privilege
always:false and no install hooks; the skill does not request permanent system presence or modify other skills. Autonomous invocation by the model is allowed (platform default) but not elevated beyond normal skill behavior.
Assessment
This skill is primarily documentation and examples for Lark/Feishu plus a small helper script to fetch tenant_access_token. Before using: (1) review scripts/get_token.sh — it will read LARK_APP_ID/LARK_APP_SECRET env vars or fallback to ~/.openclaw/openclaw.json and will export LARK_TOKEN in your shell; don't 'source' it blindly if you don't want it to read local config. (2) Prefer invoking the script with explicit app_id/app_secret arguments or set env vars rather than relying on the config-file fallback. (3) Ensure ~/.openclaw/openclaw.json is accessible only to trusted users (it may contain credentials for your OpenClaw channels). (4) The docs assume standard CLI tools (curl, python3, lsof, kill); run commands manually in a safe environment if you are unsure. (5) Verify whether your tenant uses open.larksuite.com or open.feishu.cn before making calls. Overall the package appears coherent with its stated purpose; no disproportionate credential or install demands were found.

Like a lobster shell, security has layers — review code before you run it.

latestvk972vx10xgh5ef3246jzehgr5981npt4
1kdownloads
0stars
3versions
Updated 1mo ago
v1.0.0
MIT-0
@pengxiao-wang
latest
Download

Lark Toolkit

Prerequisites & Security

This skill is a documentation-only reference guide. It contains no executable code that accesses credentials automatically.

Required credentials (user-provided, never bundled):

How credentials are used:

  • All API examples in SKILL.md use placeholders (<APP_ID>, <APP_SECRET>, CHAT_ID, etc.) — no real secrets
  • The scripts/get_token.sh helper obtains a temporary tenant_access_token from Lark's auth API. It reads credentials from (in order):
    1. Command-line arguments
    2. LARK_APP_ID / LARK_APP_SECRET environment variables
    3. ~/.openclaw/openclaw.json (standard OpenClaw config, path channels.lark.accounts.default.appId/appSecret)
  • The script prints the config source to stderr when falling back to the config file
  • No credentials are hardcoded, cached to disk, logged, or transmitted beyond the single Lark auth API call
  • The token is exported as LARK_TOKEN env var for subsequent commands in the same shell session

Three Access Paths

NeedPathWhen
Send/receive messagesclaw-lark plugin (message tool)Basic text, media, reactions — simplest
Structured CRUD opsMCP tools via mcporterBitable, calendar, docs, tasks, OKR — 38 tools
Everything elseDirect API (curl)Contacts, member mgmt, anything MCP doesn't cover

Rule: claw-lark first → MCP second → direct API as fallback.

Authentication (Direct API)

TOKEN=$(curl -s -X POST 'https://open.larksuite.com/open-apis/auth/v3/tenant_access_token/internal' \
  -H 'Content-Type: application/json' \
  -d '{"app_id":"<APP_ID>","app_secret":"<APP_SECRET>"}' \
  | python3 -c "import sys,json; print(json.load(sys.stdin)['tenant_access_token'])")

Or use the helper: bash scripts/get_token.sh

Token validity: ~2 hours. Cache it.

API Base URLs

PlatformAPI BaseDev Console
Lark Internationalhttps://open.larksuite.com/open-apis/https://open.larksuite.com/app
Feishu (China)https://open.feishu.cn/open-apis/https://open.feishu.cn/app

⚠️ Lark ≠ Feishu. Always confirm which platform the tenant uses.

Common API Patterns

Send a Message

curl -X POST "https://open.larksuite.com/open-apis/im/v1/messages?receive_id_type=chat_id" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"receive_id":"CHAT_ID","msg_type":"text","content":"{\"text\":\"hello\"}"}'

Reply in Thread

curl -X POST "https://open.larksuite.com/open-apis/im/v1/messages/MSG_ID/reply" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"msg_type":"text","content":"{\"text\":\"reply\"}","reply_in_thread":true}'

Add Reaction

curl -X POST "https://open.larksuite.com/open-apis/im/v1/messages/MSG_ID/reactions" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"reaction_type":{"emoji_type":"THUMBSUP"}}'

Emoji types: THUMBSUP HEART LAUGH OK COOL FINGERHEART SMILE JIAYOU

List Department Users (MCP gap — direct API only)

# List root departments
curl -s -H "Authorization: Bearer $TOKEN" \
  'https://open.larksuite.com/open-apis/contact/v3/departments?parent_department_id=0&page_size=50&fetch_child=true'

# List users in a department
curl -s -H "Authorization: Bearer $TOKEN" \
  'https://open.larksuite.com/open-apis/contact/v3/users?department_id=<DEPT_ID>&page_size=50'

Key fields: name, open_id, employee_type (1=regular, 2=intern), department_ids

Read Chat History

curl -s -H "Authorization: Bearer $TOKEN" \
  'https://open.larksuite.com/open-apis/im/v1/messages?container_id_type=chat&container_id=<CHAT_ID>&page_size=20&sort_type=ByCreateTimeDesc'

Add Bot to Group

curl -X POST "https://open.larksuite.com/open-apis/im/v1/chats/<CHAT_ID>/members?member_id_type=app_id" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"id_list":["<BOT_APP_ID>"]}'

MCP Tools (38 available)

mcporter call lark-mcp.<tool_name> key=value

Full catalog with parameters: references/mcp-tools.md

MCP Coverage

ModuleKey Tools
Bitablecreate apps/tables, CRUD records, list fields
Calendarcreate/get/patch events, free/busy, primary calendar
Docsread content, search, import, set permissions
IMcreate/list groups, get members, send messages, list history
OKRbatch get, list periods, CRUD progress, query reviews
Reportquery rules/tasks, manage views
Taskcreate/patch tasks, add members/reminders
Wikisearch nodes, get node details
Contactsbatch get user IDs by email/phone

MCP Gaps (use direct API)

  • List users by department — GET /contact/v3/users?department_id=
  • List departments — GET /contact/v3/departments
  • Add/remove group members — POST /im/v1/chats/{chat_id}/members
  • Send reactions — POST /im/v1/messages/{msg_id}/reactions
  • Upload images/files — POST /im/v1/images / POST /im/v1/files

Pagination

Most list APIs use cursor-based pagination:

?page_size=50&page_token=<token_from_previous_response>

Check has_more in response.

Error Handling

CodeMeaning
0Success
99991663Token expired — refresh
99991664Token invalid
99991400Bad request
99991403No permission — check app permissions

Critical Pitfalls

  1. Lark ≠ Feishu — International uses open.larksuite.com, China uses open.feishu.cn
  2. open_id is per-app — Same user has different open_id across different Lark apps
  3. Webhook 5s timeout — Return 200 immediately, process async
  4. Event dedup — Use event_id (Lark retries up to 3x)
  5. Bot-to-bot blind spot — Lark does NOT push Bot A's messages to Bot B's webhook
  6. Publishing required — Permission/event changes only take effect after publishing a new app version
  7. ngrok IPv6 trap — Use 127.0.0.1:PORT not localhost:PORT in ngrok config
  8. ngrok free domain — Returns interstitial HTML that Lark rejects. Use paid domain.

Detailed References

Comments

Loading comments...