← Back to Skills Marketplace
91
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-feishu-doc
Description
Guide for OpenClaw agents to create, read, and edit Feishu/Lark documents via API. Use when: (1) creating a new Feishu doc and writing content, (2) reading a...
README (SKILL.md)
Agent Feishu Doc Guide
Quick Reference
| Operation | API Endpoint |
|---|---|
| Create doc | POST /drive/v1/documents |
| Get doc metadata | GET /drive/v1/documents/{id} |
| Get doc blocks | GET /drive/v1/documents/{id}/blocks |
| Add blocks | POST /drive/v1/documents/{id}/blocks/{parent_id}/children |
| Set public perm | PATCH /drive/v1/permissions/{id}/public?type=docx |
Workflow
1. Create Document
curl -X POST "https://open.feishu.cn/open-apis/drive/v1/documents" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{"title": "文档标题"}'
2. Write Content (Block API)
curl -X POST "https://open.feishu.cn/open-apis/drive/v1/documents/{doc_id}/blocks/{block_id}/children" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{"children": [{"block_type": 2, "text": {"elements": [{"text_run": {"content": "内容"}}]}}]}'
Block types: 2=text, 3=h1, 4=h2, 7=bullet (⚠️ may error, use text instead)
3. Set Public Permissions
curl -X PATCH "https://open.feishu.cn/open-apis/drive/v1/permissions/{doc_id}/public?type=docx" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"link_share_entity": "anyone_editable",
"external_access_entity": "anyone_can_edit",
"security_entity": "anyone_can_edit",
"comment_entity": "anyone_can_edit",
"share_entity": "anyone"
}'
Reading Docs
- By URL: Use
web_fetchtool onhttps://feishu.cn/docx/{doc_id} - By ID: Call GET
/drive/v1/documents/{id}then/blocks
Prerequisites
- Agent's Feishu app must be added as doc collaborator, OR doc set to public
- For cross-agent collaboration: set
tools.sessions.visibility: "all"in openclaw.json
Troubleshooting
- Cannot access doc: Add agent's app as collaborator in Feishu, or set doc to public
- Block API error 9499: Avoid
block_type: 7(bullet), use plain text blocks instead - Cross-agent visibility: Add
"tools": {"sessions": {"visibility": "all"}}to openclaw.json
For detailed API specs, permissions guide, and example workflows, see references/guide.md.
Usage Guidance
This guide appears to implement correct Feishu API calls, but there are three things to consider before installing/using it:
1) Missing credential declaration: The docs require a Feishu app_id and app_secret (to obtain a tenant_access_token), but the skill metadata does not declare any required credentials. Ask the publisher to explicitly list the required env vars/primary credential. Treat app_secret like any secret: store it only in a secure location and rotate if reused.
2) Public docs and cross-agent visibility are risky: The instructions recommend setting docs to "anyone_editable" and enabling tools.sessions.visibility="all" in openclaw.json. Both actions increase exposure — they may leak sensitive content to other agents or external users. Prefer granting the agent's app collaborator access to specific docs or using least-privilege share links instead of global public-edit settings. Only enable sessions.visibility across agents if you understand and accept the privacy implications.
3) Operational best practices: Use a dedicated Feishu bot/tenant with minimal permissions for automation, limit token lifetime, avoid making sensitive documents public, and review openclaw.json changes with an administrator. If you need higher assurance, request the publisher to (a) declare required credentials in the skill metadata, (b) provide a changelog or provenance for the guide, and (c) avoid instructing blanket config changes in guidance — prefer documenting manual, well-scoped steps.
Capability Analysis
Type: OpenClaw Skill
Name: agent-feishu-doc
Version: 1.0.0
The skill bundle provides instructions for managing Feishu/Lark documents but includes high-risk configuration recommendations. Specifically, SKILL.md and references/guide.md instruct the agent to set document permissions to 'anyone_can_edit' (publicly editable) and suggest enabling global session visibility ('tools.sessions.visibility: all') in the openclaw.json configuration. While these facilitate the stated goal of cross-agent collaboration, they significantly increase the risk of unauthorized data exposure and session interception.
Capability Assessment
Purpose & Capability
The skill's description matches Feishu document operations, but the included references/guide explicitly shows use of an app_id/app_secret and tenant_access_token (and instructs placing app credentials in ~/.openclaw/openclaw.json). The skill metadata declares no required credentials or primaryEnv; this mismatch is not proportional to the stated manifest and is an omission that affects security decisions.
Instruction Scope
SKILL.md and references/guide.md instruct the agent to (a) set documents to public/anyone_editable, (b) use web_fetch on feishu doc links, and (c) change openclaw.json to enable tools.sessions.visibility = "all" and restart the gateway. Enabling cross-agent session visibility and making docs publicly editable are outside narrow 'create/read/edit a doc' semantics because they broaden data exposure across agents and external users.
Install Mechanism
Instruction-only skill with no install spec or code files. No binaries, downloads, or package installs — low install risk.
Credentials
The guidance requires Feishu app credentials (app_id/app_secret → tenant_access_token) but the skill metadata lists no required environment variables or primary credential. Also it tells users to store secrets in openclaw.json. Requesting/using these secrets is reasonable for the operation, but failing to declare them in metadata is an incoherence and prevents automated vetting of the skill's credential needs.
Persistence & Privilege
always is false (good), but the instructions explicitly tell operators to change agent configuration (openclaw.json) to make sessions.visible to all agents. That increases the platform blast radius — a privilege/visibility change that should be flagged and intentionally authorized by administrators, not performed automatically by an agent.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-feishu-doc - After installation, invoke the skill by name or use
/agent-feishu-doc - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: create/read/edit Feishu docs via API, permissions, cross-agent collaboration guide
Metadata
Frequently Asked Questions
What is Agent Feishu Doc?
Guide for OpenClaw agents to create, read, and edit Feishu/Lark documents via API. Use when: (1) creating a new Feishu doc and writing content, (2) reading a... It is an AI Agent Skill for Claude Code / OpenClaw, with 91 downloads so far.
How do I install Agent Feishu Doc?
Run "/install agent-feishu-doc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Feishu Doc free?
Yes, Agent Feishu Doc is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Agent Feishu Doc support?
Agent Feishu Doc is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Feishu Doc?
It is built and maintained by JMin1113 (@jmin1113); the current version is v1.0.0.
More Skills