Feishu Media Sender
v1.0.0飞书媒体发送器 — 上传图片或视频并以媒体消息发送到飞书聊天中。图片直接预览,视频支持播放。补齐飞书渠道缺失的媒体投递能力。| Feishu Media Sender — Upload & send images/videos via Feishu OpenAPI with in-chat preview/pla...
⭐ 0· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Feishu media upload + send) match what the code does: obtains Feishu tenant token, uploads images/videos to official Feishu endpoints, and sends messages. Required binary (python3) and the declared OpenClaw config path (~/.openclaw/openclaw.json) are consistent with selecting Feishu app credentials.
Instruction Scope
SKILL.md instructs running the included Python script with a local file and receive-id, and explicitly states credentials are read from ~/.openclaw/openclaw.json. The script's actions (reading that config, determining account binding, calling Feishu APIs, uploading local file) align with the documented instructions and do not reference unrelated system files or external endpoints beyond Feishu.
Install Mechanism
This is instruction-only (no install spec). A single Python script is bundled; there are no downloads or archive extracts and no third-party install sources. Risk from installation is low.
Credentials
The skill requires access to ~/.openclaw/openclaw.json to read Feishu appId/appSecret, which is appropriate. Note: the script also uses optional environment fallbacks for the receive_id (OPENCLAW_CHAT_ID, OPENCLAW_RECEIVE_ID, FEISHU_CHAT_ID) though these env vars are not declared in requires.env — they are only optional fallbacks. The script reads other parts of the openclaw.json (agents, bindings) to resolve which account to use; this is justified for multi-account selection but means the skill will parse your full OpenClaw config, so ensure it contains only expected credentials.
Persistence & Privilege
always is false and the skill does not request any persistent platform privileges or modify other skills. It makes runtime network calls to Feishu APIs (expected). Autonomous invocation of skills is the platform default; this skill does not increase privileges beyond that.
Assessment
This skill appears to do exactly what it says: it uploads a local image/video and sends it via Feishu using appId/appSecret read from your ~/.openclaw/openclaw.json. Before installing, verify that ~/.openclaw/openclaw.json contains the intended Feishu app credentials and no unexpected secrets. Be aware the script will parse agents/bindings in that config to choose an account, and it also accepts optional environment fallbacks (OPENCLAW_CHAT_ID / OPENCLAW_RECEIVE_ID / FEISHU_CHAT_ID) for the target receive_id. If you are uncomfortable with a skill reading your full OpenClaw config, remove or restrict Feishu credentials in that file and supply them differently, or run the script in an environment with a minimal openclaw.json. Finally, treat files you upload as sensitive data: the script will transmit file contents to Feishu endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk9791m79tdsx9yn8td5m1m8ap583prh3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
Binspython3
Config~/.openclaw/openclaw.json