ClawHub

Feishu Zh6

v1.0.5

Send text, image (jpg/png/gif), or file (md/pdf/doc) messages via Feishu to user ou_a05417a566dc000ad40fed2beb9fe057 using files in ~/.openclaw/workspace/.

0· 110·0 current·0 all-time
by@zh6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md instructions: sending text, images, and files via Feishu using files from ~/.openclaw/workspace/. The skill does not request unrelated resources. It implicitly relies on a platform-provided 'message_tool' or channel config for Feishu authentication, which is a reasonable design if the platform manages credentials centrally.
Instruction Scope
Instructions restrict file access to ~/.openclaw/workspace/ and ask the agent to use message_tool:send:feishu:... which keeps scope narrow. They also show using curl to download network images into the workspace — allowed but means the agent will download arbitrary external content when asked. The doc also tells users to configure a user ID in ~/.openclaw/workspace/TOOLS.md and to use the main session (not isolated).
Install Mechanism
No install spec and no code files — instruction-only skill with minimal surface area. No downloads or archive extraction are specified.
Credentials
The skill declares no environment variables or credentials; that is coherent if the platform provides Feishu credentials centrally. If the platform does not provide them, the instructions are incomplete. No unrelated secrets or wide-ranging env access are requested by this skill.
Persistence & Privilege
always is false and the skill is user-invocable. Default model invocation is allowed (normal). The skill does not request to modify other skills or system-wide settings.
Assessment
This skill appears to be a thin wrapper around a platform message-sending tool and only uses files from ~/.openclaw/workspace/. Before installing, confirm that your platform or agent already has Feishu credentials configured (the SKILL.md assumes that). Be cautious when using the provided curl example: downloading external images writes data into your workspace, which could expose you to malicious content or accidentally send sensitive files. Ensure the workspace and TOOLS.md contain only intended files/IDs, and verify the target user ID is correct. If you want stronger isolation, avoid running these sends from the main session or keep sensitive files out of ~/.openclaw/workspace/.

Like a lobster shell, security has layers — review code before you run it.

latestvk975hs1qfzmdpps806xyf9k13183et82

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments