ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

lark-file-sender

Send files to Feishu/Lark users and groups via the message tool. Use when the user wants to send documents, images, PDFs, or any files through Feishu. Handle...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 82 · 0 current installs · 0 all-time installs
by@timyljob2011-sudo
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The manifest and SKILL.md describe a Feishu/Lark file-sender and included helper (check_file.py) is consistent with that purpose. Minor inconsistencies exist: registry name is lark-file-sender while manifest/SKILL.md use feishu-file-sender, README references scripts/check_file.py path that doesn't match actual layout. No declared env vars or external dependencies (Feishu channel configuration is assumed to be provided by the host platform).
!
Instruction Scope
SKILL.md stays focused on validating and sending files, but includes examples that call an exec tool (e.g., exec command="python generate_report.py"). Allowing or instructing execution of arbitrary commands expands scope beyond file transfer and could run untrusted code or create files used for exfiltration. The skill also provides message-formatted commands that would send any local file path provided—this is expected for a file-sender but increases risk if misused.
Install Mechanism
Instruction-only skill with no install spec and no external downloads. Only a small helper script (check_file.py) is included. This is low-risk from installation/execution-of-remote-code perspective.
Credentials
The skill requests no environment variables or credentials, which is proportionate if the platform manages Feishu/Lark channel credentials. SKILL.md references verifying Feishu channel/config but does not declare required credentials — you should confirm how the host platform supplies Feishu access (agent-level channel tokens, user auth, etc.).
Persistence & Privilege
always:false and no install-time modifications are declared. The skill can be invoked autonomously by the agent (default), which is normal. Combined with the ability to execute commands and send arbitrary files, autonomous invocation increases potential blast radius — exercise caution (see guidance).
What to consider before installing
This skill appears to do what it says (validate and format file-send operations for Feishu/Lark) and contains a small helper script that only checks local files. However, SKILL.md includes examples that run arbitrary commands (exec) to generate files before sending; that capability can run untrusted code and/or create files that the skill will then send. Before installing: 1) confirm how Feishu/Lark credentials are provided by your OpenClaw instance and that you trust that configuration; 2) restrict or review any agent permissions that allow running exec commands or sending files automatically; 3) test in a sandbox environment first (no sensitive data in workspace); 4) if you don't need automatic generation, remove/ignore exec examples or require explicit user confirmation before executing commands or sending files. If you want me to, I can list specific questions to ask the skill author or generate a safer SKILL.md that omits exec usage and requires explicit user confirmation before any command execution or file transmission.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9763ha2zax16fe7tx4hv1jftx8371vc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Feishu File Sender

Send files to Feishu/Lark users and chat groups with proper formatting and error handling.

When to Use

Use this skill when:

  • User wants to send a file via Feishu
  • Need to deliver documents, images, PDFs to Feishu contacts
  • Transferring generated files (reports, exports, etc.) to Feishu
  • Sharing any file through Feishu messaging

Quick Start

# Basic file send
message action=send filePath="/path/to/file.pdf"

# With custom message
message action=send filePath="/path/to/report.docx" message="Here's the report you requested"

File Types Supported

  • Documents: .pdf, .doc, .docx, .txt, .md
  • Spreadsheets: .xls, .xlsx, .csv
  • Images: .jpg, .jpeg, .png, .gif, .webp
  • Archives: .zip, .rar, .tar.gz
  • Code files: .py, .js, .html, .json, etc.

Usage Examples

Send a Single File

message action=send filePath="/workspace/report.pdf"

Send with Caption

message action=send filePath="/workspace/data.xlsx" message="Q4 sales data"

Send Multiple Files

Send files one by one with context:

for file in files:
    message action=send filePath=file

Send to Specific Target

# To a specific user
message action=send target="user:ou_xxx" filePath="/path/to/file"

# To a specific chat
message action=send target="chat:oc_xxx" filePath="/path/to/file"

Best Practices

  1. Always verify file exists before sending
  2. Provide context with the message parameter when helpful
  3. Check file size - Feishu has limits (typically 100MB-1GB depending on plan)
  4. Use absolute paths to avoid confusion

Common Patterns

After Generating a File

# Generate report
exec command="python generate_report.py"

# Send to user
message action=send filePath="/workspace/output/report.pdf" message="Your report is ready"

Batch File Delivery

# Collect all generated files
files = ["/workspace/file1.pdf", "/workspace/file2.xlsx"]

for i, file in enumerate(files, 1):
    message action=send filePath=file message=f"File {i} of {len(files)}"

Error Handling

Common issues and solutions:

ErrorCauseSolution
File not foundWrong pathUse absolute path with filePath
Access deniedPermissionsCheck file permissions with ls -la
Too largeFile size limitCompress or split file
Channel errorFeishu configVerify channel is properly configured

Tool Reference

message tool (action=send)

action: send
filePath: /absolute/path/to/file    # Required: path to file
message: "Optional caption text"    # Optional: accompanying message
target: "user:xxx" or "chat:xxx"   # Optional: specific recipient
channel: feishu                     # Optional: defaults to current

Related Skills

  • auto-file-sender - Automatic file sending when files are generated
  • feishu-file-transfer - Large file transfer via Feishu API

Version: 1.0
Compatible with: OpenClaw v1.x+
Platform: Feishu / Lark

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…