Feishu Proactive Messenger
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill does what it says—send Feishu messages—but it gives agents credential-backed proactive messaging and does not tightly enforce which agent/account identity may be used.
Install only if you intentionally want agents to send proactive Feishu messages. Before enabling it broadly, restrict which agents can invoke it, verify defaultTo targets, consider requiring confirmation before each send, and ensure Feishu app credentials in ~/.openclaw/openclaw.json are only accessible to trusted agents.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
An agent or prompt that can invoke this skill may be able to send messages using another configured agent's Feishu bot identity, causing confusing or unauthorized outbound messages.
A caller-supplied agent id directly determines which Feishu appId/appSecret are read from the global OpenClaw config, with no artifact-backed check that the caller is actually that agent.
Evidence:
    parser.add_argument("--agent", default=None, help="Agent id ...")
    ...
    agent_id = args.agent or resolve_agent_id(config)
    app_id, app_secret, default_to = resolve_feishu_account(config, agent_id)
Recommendation: Bind credential selection to the authenticated/current agent rather than a free-form --agent argument, or enforce an allowlist and require explicit confirmation when switching agent identities.
Finding 2
If invoked incorrectly or by an over-eager agent, it could send unintended or unsolicited Feishu messages from the user's configured bot.
The script sends caller-provided text to a Feishu recipient through the OpenAPI send-message endpoint. The provided code does not show recipient allowlisting, message preview, rate limits, or a user approval gate.
Evidence:
    payload = {
        "receive_id": receive_id,
        "msg_type": "text",
        "content": json.dumps({"text": text}),
    }
    resp = requests.post(FEISHU_SEND_MSG_URL, ... json=payload, timeout=15)
Recommendation: Require explicit user approval before sending, restrict recipients to a configured allowlist/defaultTo, add audit logging, and consider rate limits for automated sends.
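As an added example, not the skill's own code, the following shows how the recommendations for Finding 1 and Finding 2 could be enforced together in the send script: credential selection is bound to the authenticated agent with an explicit allowlist for identity switches, recipients are limited to the account's defaultTo plus an allowlist, an approval callback must confirm every send, and an audit line is logged. The config layout (SAMPLE_CONFIG), the current_agent parameter and the approve callback are assumptions, not the real openclaw.json schema or the skill's API; no request is sent, only the policy-checked payload is returned.

```python
import json
import logging
from typing import Callable, Optional

log = logging.getLogger("feishu_send")

# Constructed sample of per-agent Feishu accounts; the real openclaw.json layout is not shown on the page.
SAMPLE_CONFIG = {
    "agents": {
        "assistant": {"feishu": {"appId": "cli_A", "appSecret": "secret_A", "defaultTo": "ou_owner"}},
        "ops-bot": {"feishu": {"appId": "cli_B", "appSecret": "secret_B", "defaultTo": "oc_ops_chat"}},
    }
}


class SendPolicyError(Exception):
    """Raised when a send request violates the identity or recipient policy."""


def resolve_feishu_account(config: dict, current_agent: str, requested_agent: Optional[str],
                           allowed_switches: frozenset = frozenset()) -> tuple:
    """Select credentials for the authenticated agent. A different --agent value is honoured
    only when it appears on the caller's switch allowlist. Returns (app_id, app_secret, default_to)."""
    agent_id = requested_agent or current_agent
    if agent_id != current_agent and agent_id not in allowed_switches:
        raise SendPolicyError(f"agent {current_agent!r} may not send as {agent_id!r}")
    try:
        acct = config["agents"][agent_id]["feishu"]
    except KeyError:
        raise SendPolicyError(f"no Feishu account configured for {agent_id!r}") from None
    return acct["appId"], acct["appSecret"], acct["defaultTo"]


def build_send_request(config: dict, current_agent: str, text: str, *, requested_agent: Optional[str] = None,
                       receive_id: Optional[str] = None, allowed_switches: frozenset = frozenset(),
                       extra_recipients: frozenset = frozenset(),
                       approve: Callable[[str, str, str], bool] = lambda agent, to, msg: False) -> dict:
    """Return the app id and the Feishu send-message payload only if every policy check passes.
    Recipients are limited to defaultTo plus extra_recipients, and approve(agent, recipient, text)
    must return True (the default denies, so an approval gate is mandatory, not optional)."""
    app_id, _app_secret, default_to = resolve_feishu_account(config, current_agent, requested_agent, allowed_switches)
    agent_id = requested_agent or current_agent
    target = receive_id or default_to
    if target != default_to and target not in extra_recipients:
        raise SendPolicyError(f"recipient {target!r} is not on the allowlist")
    if not approve(agent_id, target, text):
        raise SendPolicyError("send not approved by user")
    # Audit line records who sent as which app to whom; the secret and message body are kept out of the log.
    log.info("feishu send approved: agent=%s app_id=%s to=%s chars=%d", agent_id, app_id, target, len(text))
    payload = {"receive_id": target, "msg_type": "text", "content": json.dumps({"text": text})}
    return {"app_id": app_id, "payload": payload}
```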
Finding 3
Installation depends on whatever version of 'requests' is resolved from the user's package index at install time.
The skill depends on an external Python package installed manually without a pinned version or lockfile. This is common for Python utilities, but users should notice the dependency provenance.
Evidence:
    python3 -m pip install requests
Recommendation: Install from a trusted package index and consider pinning a known-good requests version in deployment documentation.
