Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Official Feishu Toolkit

v1.0.0

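A comprehensive integration toolkit for the Feishu Open Platform. It supports six core office modules: calendar and meeting room booking, message sending, approval workflows, Bitable operations, contacts lookup, and attendance management.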

0 · 469 · 9 current · 12 all-time
by Radium (@radium0028)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for radium0028/official-feishu-toolkit.

Install the skill "Official Feishu Toolkit" (radium0028/official-feishu-toolkit) from ClawHub.
Skill page: https://clawhub.ai/radium0028/official-feishu-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: FEISHU_APP_ID, FEISHU_APP_SECRET
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install radium0028/official-feishu-toolkit

ClawHub CLI

npx clawhub@latest install official-feishu-toolkit

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (Feishu toolkit) match the code and declared env vars: the server implements calendar, messaging, approval, bitable, contacts and attendance APIs and only requires FEISHU_APP_ID / FEISHU_APP_SECRET. The required binary 'uv' is odd but is used in the README/SKILL.md to run virtualenv/pip/uvicorn; it's not fundamentally incompatible with the stated purpose.
Instruction Scope
Runtime instructions are scoped to running a local FastAPI service and configuring FEISHU credentials; the code reads only FEISHU_APP_ID, FEISHU_APP_SECRET and optional FEISHU_APPROVAL_CODES. No instructions request unrelated host files or extra credentials. However the README/SKILL.md provides an alternative installation command that pipes a remote install.sh from https://backend.clawd.org.cn | sh — that downloads+executes an external script outside the package, which expands the runtime scope and risk.
Install Mechanism
Registry metadata lists a brew formula 'uv' (creates binary 'uv'), and SKILL.md suggests using a curl | sh installer hosted at backend.clawd.org.cn. Both raise supply-chain risk: 'uv' is an uncommon binary name (not the usual 'python'/'uvicorn') and the external install.sh URL is a direct download-and-execute from an unknown host. The install mechanisms are inconsistent (brew vs curl) and should be inspected before running.
Credentials
Requested environment variables are FEISHU_APP_ID and FEISHU_APP_SECRET (primaryEnv FEISHU_APP_ID) and an optional FEISHU_APPROVAL_CODES. These are appropriate and proportionate for a Feishu integration; the code uses them to obtain tenant_access_token and call open.feishu.cn APIs. No unrelated secrets or extra service credentials are requested.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide configs. It runs as a user service (FastAPI) and uses standard token caching; autonomous invocation is enabled by default but not combined with other escalating privileges here.
What to consider before installing
What to check before installing:
- Do NOT run curl https://backend.clawd.org.cn/... | sh without review. That command downloads and executes an external script from an unknown host—inspect the script contents and verify its source first.
- Verify the 'uv' brew formula: confirm which tap provides it and inspect the formula contents. 'uv' is not a common system dependency for Python/uvicorn, so confirm it's legitimate for your environment.
- The skill will get FEISHU_APP_ID and FEISHU_APP_SECRET; those credentials let the app obtain tenant_access_token and perform all API actions listed (send messages, read contacts, manage approvals, attendance, bitable, calendar). Only grant the minimum permissions needed in the Feishu developer console and consider using a dedicated test app/tenant first.
- If you want lower risk, install from the included source files directly: create a Python virtualenv, pip install the package dependencies from pyproject.toml, set env vars locally, and run uvicorn pointing at feishu_toolkit.main — avoid opaque install scripts.
- If the publisher can provide an official homepage or signed release (or if the install script is hosted on a well-known, verifiable domain such as a GitHub release), that would reduce supply-chain concern; ask the publisher for those artifacts. If you cannot verify the install sources, treat this skill as higher risk.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🏢 Clawdis
Bins: uv
Env: FEISHU_APP_ID, FEISHU_APP_SECRET
Primary env: FEISHU_APP_ID

Install

Install uv via Homebrew
Bins: uv
brew install uv
latest vk978t0tzpv9e23q4hwx9yger0h8209xv
469 downloads
0 stars
1 version
Updated 16h ago
v1.0.0
MIT-0

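🏢 Feishu Office Suite

Feishu/Lark Office Toolkit: make the Agent your Feishu office assistant

A comprehensive integration toolkit built on the Feishu Open Platform API, covering six core scenarios of day-to-day office work. Once this skill is installed, your Agent can book meeting rooms, send messages, start approvals, work with Bitable tables, look up contacts, and manage attendance for you.

✨ Feature Highlights

Module | Capabilities | Example instruction
📅 Calendar | Event CRUD, meeting room booking, free/busy lookup | "Book the large meeting room on the 8th floor for tomorrow afternoon"
💬 Messaging | Sending and replying with text / rich text / card messages | "Send the release announcement to the product team group"
✅ Approval | Create / query / approve / reject / transfer approvals | "Start a business trip approval for me"
📊 Bitable | Table creation; record create, read, update, delete | "Add a task to the project tracking table"
👥 Contacts | User/department lookup, organization structure browsing | "Look up who is in the marketing department"
⏰ Attendance | Clock-in records, make-up clock-in queries, attendance group management | "Show my clock-in records for this week"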

📦 Installation

claw skill install official/feishu-toolkit

Or, in an AI IDE (Cursor / Copilot / Windsurf / Trae, etc.):

curl -sL "https://backend.clawd.org.cn/api/skills/official%2Ffeishu-toolkit/install.sh" | sh

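⚙️ Configuration

1. Create a Feishu app

Go to the Feishu Developer Console, create a custom (self-built) app, enable the bot capability, and request the API permissions that the modules you need require.

2. Set environment variables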

export FEISHU_APP_ID="your-app-id"
export FEISHU_APP_SECRET="your-app-secret"

Variable | Required | Description
FEISHU_APP_ID | | Feishu app App ID
FEISHU_APP_SECRET | | Feishu app App Secret
FEISHU_APPROVAL_CODES | | Mapping of commonly used approval types (JSON)

3. Start the service

cd server/
uv venv && uv pip install -e ".[dev]"
uv run --env-file .env uvicorn feishu_toolkit.main:app --host 127.0.0.1 --port 8002

4. Verify

curl http://127.0.0.1:8002/ping
# {"message": "pong"}

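🔐 Permission List

Module | Permission scope | Description
Calendar | calendar:calendar | Read and write calendars and events
Calendar | vc:room:readonly | Query meeting rooms
Messaging | im:message:send_as_bot | Send messages
Approval | approval:approval | Read and write approval information
Approval | approval:task | Approver actions
Bitable | bitable:app | Read and write Bitable tables
Bitable | drive:drive | Access cloud drive space
Contacts | contact:contact.base:readonly | Read contacts
Attendance | attendance:task:readonly | Export clock-in data

💡 In the Feishu Developer Console → Permission Management, set the contacts permission scope to "All members" or to specific departments; otherwise user information cannot be queried.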

📖 Detailed Documentation

🔗 Related Resources
