Description

Configure OpenClaw multi-agent routing for Feishu multi-account setups. Use when users need two or more Feishu bots (different appId/appSecret) to run on iso...

README (SKILL.md)

Openclaw Feishu Multi Agent Setup

Name: Create a new agent in FeiShu
Author: tinywatermonster

Overview

Set up and verify that each Feishu account is routed to the intended OpenClaw agent with isolated workspace and prompt files. Apply deterministic checks so routing, persona, and channel health are provable from logs. Also ensure each new agent has a valid MEMORY.md and working memory embeddings.

Required Inputs

Target agent ids (example: main, assistant)
Target workspace paths (example: ~/.openclaw/workspace, ~/.openclaw/workspace-assistant)
Feishu account ids (example: default, backup)
App credentials per account (appId, appSecret)
Memory embedding plan per agent (auto or explicit provider/endpoint)

Workflow

1. Inspect current state first

Run:

openclaw agents list --bindings
openclaw agents bindings --json
openclaw config get channels.feishu

Detect these issues before changing anything:

backup/default both mapped to same agent
missing agent in agents.list
missing account in channels.feishu.accounts
duplicated agentDir across agents

2. Back up config before edits

cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.$(date +%Y%m%d-%H%M%S)

3. Ensure agents are isolated

Prefer non-interactive creation when adding a new agent:

openclaw agents add assistant \
  --non-interactive \
  --workspace ~/.openclaw/workspace-assistant \
  --model minimax-portal/MiniMax-M2.5

Ensure agents.list[] has unique workspace and agentDir per agent.

4. Bootstrap required workspace files for new agents

For every new non-main agent workspace, verify these files exist and are customized:

AGENTS.md
SOUL.md
IDENTITY.md
USER.md
TOOLS.md
MEMORY.md (or memory.md)

Why this is mandatory:

MEMORY.md is injected into system prompt when present.
Without agent-specific MEMORY bootstrap, global long-term context will be missing from prompt.

Also create daily memory directory (used by memory indexing):

mkdir -p ~/.openclaw/workspace-assistant/memory

5. Configure Feishu multi-account block

Ensure this shape exists in ~/.openclaw/openclaw.json:

{
  "channels": {
    "feishu": {
      "enabled": true,
      "defaultAccount": "default",
      "accounts": {
        "default": { "appId": "cli_xxx", "appSecret": "xxx", "enabled": true },
        "backup": { "appId": "cli_yyy", "appSecret": "yyy", "enabled": true }
      }
    }
  }
}

Never echo secrets back to users in plaintext.

6. Bind account to agent deterministically

Use one binding per account:

{
  "bindings": [
    { "agentId": "main", "match": { "channel": "feishu", "accountId": "default" } },
    { "agentId": "assistant", "match": { "channel": "feishu", "accountId": "backup" } }
  ]
}

Or use CLI for simple cases:

openclaw agents bind --agent main --bind feishu:default
openclaw agents bind --agent assistant --bind feishu:backup

7. Ensure prompts are truly different

Update the non-main workspace files so system prompts diverge:

AGENTS.md
SOUL.md
IDENTITY.md
USER.md

Remove stale bootstrap template when persona setup is complete:

BOOTSTRAP.md

8. Harden memory embeddings per new agent

Probe memory first:

openclaw memory status --agent assistant --deep --json

If provider is none, embeddingProbe.ok=false, or logs show provider errors, pin a working provider explicitly.

Example: route memory embeddings through OpenRouter OpenAI-compatible endpoint for work-agent:

AGENT_ID="work-agent"
IDX=$(openclaw agents list --bindings --json | jq -r --arg id "$AGENT_ID" 'to_entries[] | select(.value.id==$id) | .key')
KEY=$(jq -r '.profiles["openrouter:default"].key' ~/.openclaw/agents/$AGENT_ID/agent/auth-profiles.json)

openclaw config set "agents.list[$IDX].memorySearch.provider" '"openai"' --strict-json
openclaw config set "agents.list[$IDX].memorySearch.model" '"text-embedding-3-small"' --strict-json
openclaw config set "agents.list[$IDX].memorySearch.remote.baseUrl" '"https://openrouter.ai/api/v1"' --strict-json
openclaw config set "agents.list[$IDX].memorySearch.remote.apiKey" "\"$KEY\"" --strict-json
openclaw config set "agents.list[$IDX].memorySearch.fallback" '"none"' --strict-json

Then force index once:

openclaw memory index --agent work-agent --force --verbose
openclaw memory status --agent work-agent --deep --json

Expect:

provider is not none
embeddingProbe.ok=true
files/chunks increase after indexing

9. Validate and restart

openclaw config validate
openclaw gateway restart
openclaw gateway status
openclaw channels status --probe

10. Prove routing with log evidence

Ask user to send route-check to each bot. Then inspect logs:

openclaw channels logs --lines 300 | rg "feishu\\[(default|backup)\\].*dispatching to agent"

Expect:

feishu[default] -> session=agent:main:...
feishu[backup] -> session=agent:assistant:...

11. Approve pairing with explicit account

Always approve Feishu pairing with account scope in multi-account setups:

openclaw pairing list feishu --json
openclaw pairing approve feishu \x3Ccode> --account \x3CaccountId> --notify

This prevents approving the same sender into the wrong account allowlist.

12. Handle common Feishu errors

open_id cross app:

Cause: target open_id belongs to a different app account.
Fix: send via matching --account, keep allowFrom scoped per account.
Queue cleanup: archive stale cross-app deliveries in ~/.openclaw/delivery-queue/ before restart if they keep retrying.

gemini embeddings failed: ... User location is not supported:

Cause: memory embedding provider resolves to Gemini in unsupported region.
Fix: set per-agent memorySearch.provider to a supported provider/endpoint (example above).

providerUnavailableReason / provider=none in openclaw memory status --deep:

Cause: no usable memory embedding credentials for that agent.
Fix: configure agent-specific memorySearch provider + key, then run openclaw memory index --agent \x3Cid> --force.

99991672 contact scope warning:

Platform fix: grant one contact read scope in Feishu app.
Config fallback: set channels.feishu.resolveSenderNames=false.

cardkit:card:write streaming error:

Platform fix: grant cardkit:card:write.
Config fallback: set channels.feishu.streaming=false and channels.feishu.blockStreaming=false.

Output Contract

When finishing, report:

What changed (files + key fields).
Validation outputs (config validate, gateway status, channels status --probe).
Routing evidence lines for both accounts.
Memory evidence (memory status --agent \x3Cid> --deep, index result, provider/embedding probe state).
Any residual warnings and whether they are blocking.

Usage Guidance

This skill appears to do what it says (set up Feishu multi-account routing), but it omits telling you that it expects the openclaw CLI and common tools (jq, ripgrep/rg, jq, mkdir, cp) and that it will read and copy values from files under ~/.openclaw (including auth-profiles.json which contains API keys). Before running anything: 1) verify the skill’s origin (homepage/source unknown); 2) run the commands manually in a safe/test environment first rather than allowing automated execution; 3) verify presence of required binaries (openclaw, jq, rg) and run the listed openclaw commands yourself to see exactly what changes will be made; 4) inspect ~/.openclaw/agents/*/agent/auth-profiles.json and decide whether you’re comfortable the skill will copy those keys into agent config (consider creating limited-scope keys or rotating keys afterward); 5) back up ~/.openclaw/openclaw.json and any agent directories before applying changes; and 6) avoid pasting or logging extracted keys — follow the SKILL.md caution to not echo secrets. If you need higher assurance, ask the publisher for explicit metadata (required binaries and config paths) or for a signed/verified source before installing.

Capability Analysis

Type: OpenClaw Skill Name: feishu-multiagent Version: 1.0.1 The skill `openclaw-feishu-multi-agent-setup` in `SKILL.md` is designed for complex configuration of OpenClaw multi-agent setups, including managing API keys and external service endpoints. While its stated purpose is legitimate, the script includes advanced shell scripting with `jq` for parsing sensitive configuration data (like API keys from `~/.openclaw/agents/$AGENT_ID/agent/auth-profiles.json`) and dynamically setting `openclaw` configuration parameters, including an external `baseUrl` (`https://openrouter.ai/api/v1`). This pattern, involving dynamic parsing and configuration of sensitive data via shell commands, introduces a potential vulnerability for shell injection if the inputs (e.g., agent IDs, `openclaw` command outputs) were to be manipulated by an attacker via prompt injection or other means. Although there is no evidence of intentional malicious behavior or data exfiltration to unauthorized endpoints, the powerful and dynamic nature of these configuration steps warrants a 'suspicious' classification due to the inherent risk of exploitation as a vulnerability.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md’s actions (creating agents, editing ~/.openclaw/openclaw.json, binding accounts, and configuring memory embedding providers) are coherent with the stated purpose. However the skill metadata declares no required binaries or config paths while the runtime instructions require the openclaw CLI and common tools (jq, rg/rg, mkdir, cp) and specific ~/.openclaw paths. The missing declared requirements is an inconsistency that should have been disclosed.

⚠ Instruction Scope

The instructions direct the agent/operator to read and modify local config files (~/.openclaw/openclaw.json, per-agent auth-profiles.json), to extract API keys with jq, and to write keys into agent config (memorySearch.remote.apiKey). Reading and copying local credential files is sensitive even if needed for the task. The SKILL.md warns not to echo secrets, but the procedural steps still involve extracting and re-inserting secrets which increases chance of accidental exposure if run automatically or without care.

✓ Install Mechanism

Instruction-only skill with no install spec and no code to run on install. That minimizes supply-chain risk. (Note: runtime requires CLI tools that should be present but were not declared in the metadata.)

⚠ Credentials

The skill declares no required environment variables or config paths, yet it instructs accessing multiple files under ~/.openclaw (openclaw.json, agents/*/agent/auth-profiles.json) and reading API keys. Requiring or reading local stored API keys and account secrets is plausible for this task, but the metadata should explicitly declare these privileged file accesses so users can make an informed decision.

✓ Persistence & Privilege

Skill is not always-enabled and does not request persistent platform privileges. The actions are limited to editing OpenClaw configuration and restarting gateway components via the OpenClaw CLI — appropriate for a configuration helper and not indicative of privileged persistence beyond normal config changes.

Version History

v1.0.1

**Expanded guidance for agent memory and pairing management.** - SKILL.md updated to include steps for ensuring MEMORY.md is present, agent-specific memory embedding provider configuration, and memory health verification. - Added detailed memory troubleshooting advice for embedding provider failures, region errors, and per-agent overrides. - Included pairing approval workflow: explicitly require account scope in pairing approvals for multi-account Feishu setups. - Updated error handling to reflect memory provider and pairing/account mixup cases. - Output contract expanded to cover memory evidence and pairing/approval results. - No behavioral changes to agents/openai.yaml.

v1.0.0

Initial release of multi-agent Feishu configuration skill for OpenClaw. - Guides setup for running multiple Feishu bots (distinct appId/appSecret) on isolated agents with separate workspaces and prompts. - Detects and troubleshoots common multi-account routing, persona isolation, and Feishu-specific errors (e.g., cross-app, contact scope, card streaming). - Provides deterministic steps for binding agents to Feishu accounts and validating correct routing using logs. - Includes backup, agent isolation, and config validation steps to ensure safe and reliable setup. - Outlines expected validation outputs and routing evidence for confirmation.

Metadata

Slug feishu-multiagent

Version 1.0.1

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Create a new agent in FeiShu?

Configure OpenClaw multi-agent routing for Feishu multi-account setups. Use when users need two or more Feishu bots (different appId/appSecret) to run on iso... It is an AI Agent Skill for Claude Code / OpenClaw, with 392 downloads so far.

How do I install Create a new agent in FeiShu?

Run "/install feishu-multiagent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Create a new agent in FeiShu free?

Yes, Create a new agent in FeiShu is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Create a new agent in FeiShu support?

Create a new agent in FeiShu is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Create a new agent in FeiShu?

It is built and maintained by tinywatermonster (@tinywatermonster); the current version is v1.0.1.

More Skills

Create a new agent in FeiShu