jasonzhang2015

Feishu Send Image

by PL Uncle · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
301 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install feishu-bot-send-image
Description
Send images directly in Feishu chat as native image messages (not file attachments). Use when: need to send a generated image, chart, screenshot, or any loca...
README (SKILL.md)

Feishu Send Image

Send local image files as native Feishu image messages via the Feishu Bot API.

Why This Skill Exists

OpenClaw's message tool with filePath, media, or buffer parameters only sends file attachments in Feishu, not inline images. This skill calls the Feishu API directly to send proper image messages.

Quick Usage

Run the script:

bash scripts/feishu_send_image.sh <image_path> <receive_id> <app_id> <app_secret> [receive_id_type]

Arguments

Arg Description
image_path Local path to image (png/jpg/gif/webp)
receive_id Feishu open_id (user) or chat_id (group)
app_id Feishu app ID from ~/.openclaw/openclaw.json, key feishu.accounts.default.appId
app_secret Feishu app secret from ~/.openclaw/openclaw.json, key feishu.accounts.default.appSecret
receive_id_type open_id (default) or chat_id

Example

bash scripts/feishu_send_image.sh /tmp/chart.png \
  ou_38470740452f6083ce189b7ddec722f8 \
  cli_a92c368412f9dcb1 \
  7uM7aLqeqYqm0Fsy0IP5QhOyTBSwxlfT

Getting Credentials

Read ~/.openclaw/openclaw.json and extract:

  • channels.feishu.accounts.default.appId
  • channels.feishu.accounts.default.appSecret

The receiver's open_id comes from inbound message metadata (sender_id).

How It Works

  1. Get token: POST /auth/v3/tenant_access_token/internal with appId/appSecret
  2. Upload image: POST /im/v1/images with image_type=message, returns image_key
  3. Send message: POST /im/v1/messages with msg_type=image and the image_key

Output

On success: OK: image_key=<key> message_id=<id>
On failure: prints error and exits with code 1.

Usage Guidance
This skill implements the advertised feature (sending inline Feishu images) and uses legitimate Feishu endpoints. Before installing: (1) note the package metadata omits runtime requirements — the script needs curl and python3 and the README/skill instructs reading ~/.openclaw/openclaw.json for app_id/app_secret; verify that reading that file is acceptable in your environment. (2) Treat app_id/app_secret as sensitive: avoid passing them on the command line (process lists can expose them); prefer using a secure credential mechanism or a protected config file with restricted permissions. (3) Confirm the Feishu app only has the minimum permissions required (im:message:send_as_bot and im:resource). (4) Inspect the script in your environment before running and run it in a context that limits exposure of credentials and of any untrusted images. If you want higher assurance, ask the author to declare required binaries and config paths in the skill metadata and to provide an option that reads credentials from a secure env var or a restricted config file rather than command-line arguments.
Capability Analysis
Type: OpenClaw Skill
Name: feishu-bot-send-image
Version: 1.0.0
The skill facilitates sending images via the Feishu API but contains a shell injection vulnerability in `scripts/feishu_send_image.sh` because it insecurely expands variables within `curl` command strings, allowing for command substitution if credentials are manipulated. Furthermore, `SKILL.md` directs the AI agent to read the sensitive `~/.openclaw/openclaw.json` configuration file to retrieve credentials. While the behavior appears aligned with the stated purpose of bypassing OpenClaw's attachment limitations, the combination of insecure script execution and broad credential access instructions is high-risk.
Capability Assessment
Purpose & Capability
Name/description align with the implementation: the script calls Feishu endpoints to obtain a tenant token, upload an image, and send an image message. The required arguments (image path, receive_id, app_id, app_secret) are consistent with the stated purpose.
Instruction Scope
SKILL.md and README explicitly tell the user/agent to read ~/.openclaw/openclaw.json to obtain appId/appSecret. The script itself does not automatically read that file (it expects credentials as arguments), but the instructions point the agent toward a specific local config file. This is within the skill's purpose but is a scope mismatch versus the declared metadata (which claimed no config paths).
Install Mechanism
No install spec (instruction-only skill with an included shell script). No remote downloads or archive extraction. This is low-risk for installation mechanics.
Credentials
The skill requires Feishu app_id and app_secret (sensitive secrets) to function — that's appropriate for the integration, but the registry metadata lists no required env vars or config paths. README lists preconditions (curl and python3) which are not declared in metadata. The SKILL.md suggests reading ~/.openclaw/openclaw.json to obtain credentials; that file may contain other secrets and was not declared as a required config path. Also the provided usage sends secrets on the command line (argv), which can be exposed via process listings — a security concern.
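The two findings above (secrets exposed in argv, and variables expanded inside `curl` command strings) can be addressed together. The following is an added example, not the skill's own `feishu_send_image.sh`: it reads the credentials from a permission-checked config file and hands the request body to `curl` on stdin. The variable name `FEISHU_CONFIG` is hypothetical, and the base URL `https://open.feishu.cn/open-apis` is an assumption that does not appear on the page.

```bash
#!/usr/bin/env bash
# Added example; not the skill's feishu_send_image.sh.
# Assumptions: FEISHU_CONFIG is a made-up variable name; the base URL
# https://open.feishu.cn/open-apis does not appear on the page.

# Print the token request body as JSON. python3 reads the secret from the
# config file and serialises it with json.dumps, so the secret is never a
# shell word, never re-parsed by the shell, and never in any argv.
token_request_body() {
  FEISHU_CONFIG="$1" python3 -c '
import json, os, stat, sys
path = os.environ["FEISHU_CONFIG"]
# Refuse a credentials file that group or other can access.
if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
    sys.exit("refusing " + path + ": accessible by group/other, chmod 600 it")
with open(path) as fh:
    acct = json.load(fh)["channels"]["feishu"]["accounts"]["default"]
print(json.dumps({"app_id": acct["appId"], "app_secret": acct["appSecret"]}))
'
}

# Step 1 of "How It Works". printf is a shell builtin and curl reads the body
# from stdin (@-), so a process listing shows only the URL and headers.
get_tenant_token() {
  local body
  body=$(token_request_body "$1") || return 1
  printf '%s' "$body" | curl -sS --fail -X POST \
    -H 'Content-Type: application/json; charset=utf-8' \
    --data-binary @- \
    'https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal'
}
```

Call it as `get_tenant_token ~/.openclaw/openclaw.json`; the same stdin pattern applies to the message-send request in step 3.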
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system-wide configs, and has no elevated privileges declared. Autonomous invocation remains possible (platform default) but is not combined with other high-risk factors here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install feishu-bot-send-image
  3. After installation, invoke the skill by name or use /feishu-bot-send-image
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
First release: Sends local image files as native image messages in Feishu via Bot API, not as attachments.
  • Added script (feishu_send_image.sh) to send PNG/JPG/GIF/WEBP images directly to Feishu users or groups
  • Usage requires specifying image path, receiver ID/type, app ID, and app secret
  • Uses Feishu Bot API: authenticates, uploads image, sends message
  • Credentials must be manually extracted from ~/.openclaw/openclaw.json
  • Replaces previous tool which could only send attachments, enabling true image messages
Metadata
Slug feishu-bot-send-image
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Feishu Send Image?

Send images directly in Feishu chat as native image messages (not file attachments). Use when: need to send a generated image, chart, screenshot, or any loca... It is an AI Agent Skill for Claude Code / OpenClaw, with 301 downloads so far.

How do I install Feishu Send Image?

Run "/install feishu-bot-send-image" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Feishu Send Image free?

Yes, Feishu Send Image is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Feishu Send Image support?

Feishu Send Image is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Feishu Send Image?

It is built and maintained by PL Uncle (@jasonzhang2015); the current version is v1.0.0.
