ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Feishu Bot Manager

v1.0.3

飞书多账户机器人配置管理 skill。用于新增飞书机器人账户、将机器人或特定群聊绑定到指定 Agent,并安全地更新 OpenClaw 的 Feishu 路由配置。适用于用户提到“添加飞书机器人”、“配置飞书机器人”、“新增飞书账户”、“飞书多账户”这类场景。

0· 88·0 current·0 all-time
by@caoychn

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for caoychn/openclaw-feishu-bot-manager.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenClaw Feishu Bot Manager" (caoychn/openclaw-feishu-bot-manager) from ClawHub.
Skill page: https://clawhub.ai/caoychn/openclaw-feishu-bot-manager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-feishu-bot-manager

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-feishu-bot-manager
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the CLI asks for Feishu App ID/App Secret and account/chat/agent info, reads and updates ~/.openclaw/openclaw.json, performs backup, validation, and can restart the OpenClaw gateway. All requested actions are proportionate to managing Feishu bot routing.
Instruction Scope
SKILL.md and index.js explicitly read/write the OpenClaw config, back it up, validate changes, set session.dmScope, and optionally restart the gateway — all within the declared purpose. There are no instructions to read unrelated system files, call external endpoints, or exfiltrate data.
Install Mechanism
No install spec (instruction-only) and bundled code runs locally. Nothing is downloaded from external URLs or extracted; the included files are self-contained. This is the lower-risk pattern for a config-management skill.
Credentials
The skill does not request unrelated env vars or credentials. It accepts the Feishu App Secret as a CLI argument (not an env var) — this is functionally appropriate but has privacy risks (CLI args can be visible in process lists or shell history). The code uses HOME to find ~/.openclaw which is expected.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or global agent settings beyond writing to OpenClaw's own config and invoking the OpenClaw CLI to set dmScope and restart the gateway — behavior that matches its purpose.
Assessment
This skill appears to do exactly what it says: it edits your local OpenClaw config (~/.openclaw/openclaw.json), creates backups, validates the result, and can restart the OpenClaw gateway. Before installing/running it: 1) Prefer --dry-run first to preview changes; 2) Keep or copy the automatically created backup file so you can restore if needed; 3) Be aware that passing App Secret on the command line can expose it to process listings or shell history — consider entering secrets via a safer mechanism or running on a secure host; 4) Because the source/publisher is unknown and there's no homepage, inspect the bundled code yourself (or run in a sandbox) before giving it access to your OpenClaw installation; 5) If you rely on high-availability routing, schedule a maintenance window for the Gateway restart or use --no-restart and restart manually when ready.
index.js:275
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979fq0z6znke2yhyzf47pkesd84pxcx
88downloads
0stars
2versions
Updated 2w ago
v1.0.3
MIT-0
@caoychn
latest
Download

feishu-bot-manager

飞书多账户机器人配置管理 Skill。

路由绑定方案

方案 1:账户级绑定

该飞书账户的所有消息 → 指定 Agent

适用场景:一个机器人专门服务一个 Agent。比如创建一个"销售机器人",它的所有消息都由"销售 Agent"处理。

生成的绑定

{ "agentId": "recruiter", "match": { "channel": "feishu", "accountId": "bot-sales" } }

方案 2:群聊级绑定

特定群聊的消息 → 指定 Agent

适用场景:把 Agent 绑定到特定群聊。多个机器人在群里,但不同群聊分配给不同 Agent。

生成的绑定

{ "agentId": "recruiter", "match": { "channel": "feishu", "peer": { "kind": "group", "id": "oc_xxx" } } }

注意:群聊级绑定优先级更高,会覆盖账户级绑定!

使用方式

交互模式(通过对话)

直接说:"添加飞书机器人"

我会询问:

  1. App ID 和 App Secret
  2. 账户信息(账户 ID、机器人名称)
  3. 选择路由绑定方案(账户级/群聊级)
  4. 选择绑定的 Agent
  5. 群聊 ID(如果选群聊级绑定)
  6. 先做预览,再确认执行

命令行调用

# 账户级绑定 - 该机器人所有消息都由指定 Agent 处理
openclaw skills run feishu-bot-manager -- \
  --app-id cli_xxx \
  --app-secret yyy \
  --account-id bot-sales \
  --agent-id recruiter \
  --routing-mode account

# 群聊级绑定 - 特定群聊的消息由指定 Agent 处理
openclaw skills run feishu-bot-manager -- \
  --app-id cli_xxx \
  --app-secret yyy \
  --account-id bot-sales \
  --agent-id recruiter \
  --chat-id oc_xxx \
  --routing-mode group

参数说明

参数必填说明
--app-id飞书 App ID (cli_xxx)
--app-secret飞书 App Secret
--account-id账户标识,默认自动生成
--bot-name机器人名称,默认 "Feishu Bot"
--dm-policyDM 策略: open/pairing/allowlist,默认 open
--agent-id要绑定的 Agent ID
--chat-id群聊 ID (oc_xxx),群聊绑定时需要
--routing-mode路由模式: account/group,默认 account

配置结构示例

添加新机器人后,配置会变成这样(保留现有配置):

{
  "channels": {
    "feishu": {
      "enabled": true,
      "appId": "cli_现有",           // ← 保留不动
      "appSecret": "现有Secret",      // ← 保留不动
      "dmPolicy": "open",
      "accounts": {                    // ← 新添加
        "bot-new": {
          "appId": "cli_xxx",
          "appSecret": "yyy",
          "botName": "新机器人",
          "dmPolicy": "open",
          "allowFrom": ["*"],
          "enabled": true
        }
      }
    }
  },
  "bindings": [
    {                                  // ← 新添加
      "agentId": "recruiter",
      "match": {
        "channel": "feishu",
        "accountId": "bot-new"       // 或 "peer": { "kind": "group", "id": "oc_xxx" }
      }
    }
  ]
}

流程

  1. 检查现有配置与潜在冲突
  2. 备份现有配置
  3. 添加新账户到 channels.feishu.accounts
  4. 根据选择的路由模式添加 binding
  5. 预览变更
  6. 设置 session.dmScopeper-account-channel-peer
  7. 重启 Gateway(可用 --no-restart 跳过)

注意事项

  • 保留现有配置:现有 appId/appSecret 完全不动
  • 自动备份:修改前自动备份 openclaw.json
  • 冲突检测:默认检查账户/群聊/Agent 绑定冲突,必要时才用 --force
  • dry-run:建议先用 --dry-run 预览,再正式写入
  • dmScope 设置:自动设置会话绑定颗粒度
  • 重启 Gateway:重启后约 10-30 秒恢复服务,可用 --no-restart 跳过
  • 恢复方法:如出问题可用备份文件手动恢复

Comments

Loading comments...