Feishu Send Voice
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it claims—convert text to a Feishu voice message—but it uses Feishu app credentials, external services, and local command-line tools.
Install only if you trust the Feishu app credentials being used and are comfortable with the selected text being converted to audio, uploaded to Feishu, and sent to the specified recipient. Check that required tools are installed from trusted sources.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong text or open_id, the skill can send an unintended voice message through Feishu.
The script performs a real Feishu message-send API call using the provided recipient ID. This is purpose-aligned, but it is a user-visible external action.
curl -sS -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id' ... "receive_id":"$OPEN_ID","msg_type":"audio"
Confirm the message content and recipient before running or allowing the agent to invoke this skill.
The skill can act through the configured Feishu app to upload files and send messages.
The skill reads Feishu app credentials from local OpenClaw config or environment variables and uses them to obtain a tenant access token. This is expected for the integration, but it is sensitive delegated authority.
CFG="$HOME/.openclaw/openclaw.json" ... APP_ID="${FEISHU_APP_ID:-$APP_ID_RAW}" ... APP_SECRET="${FEISHU_APP_SECRET:-$APP_SECRET_RAW}"Use a Feishu app with only the permissions needed for audio upload and message sending, and keep app secrets protected.
Installation or invocation may fail unless the user manually provides the required tools and Feishu configuration.
The skill documentation discloses runtime dependencies and config needs, but the registry metadata reports no required binaries, env vars, credentials, or config paths. This is an under-declared setup contract rather than hidden behavior.
- `ffmpeg` 可用 - `edge-tts` 可用 ... - 本机存在 OpenClaw 配置:`~/.openclaw/openclaw.json`
Before installing, verify ffmpeg, ffprobe, edge-tts, python3, curl, and the Feishu OpenClaw config are present and trusted.
Any sensitive text converted to speech will be uploaded as audio to Feishu and delivered to the chosen recipient.
The generated audio is uploaded to Feishu before being sent. This external data flow is central to the skill's purpose, but users should understand that message content leaves the local machine.
UPLOAD_JSON=$(curl -sS -X POST 'https://open.feishu.cn/open-apis/im/v1/files' ... -F "file=@$OPUS_OGG;type=audio/ogg")
Avoid using this skill for content that should not be shared with Feishu or the target recipient.