← Back to Skills Marketplace
111
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gamma-feishu-supertoolkit
Description
飞书超级工具包 - 集成文件发送(含音频卡片)、日历、审批、多维表格、通讯录、考勤六大模块
README (SKILL.md)
🚀 Feishu SuperToolkit
飞书超级工具包 - 文件发送 + 办公自动化一体化解决方案
基于 official/feishu-toolkit 和 feishu-file-sender 合并增强,集成 文件发送(含音频卡片)、日历管理、审批流程、多维表格、通讯录查询、考勤管理 六大核心模块。
✨ 功能亮点
| 模块 | 能力 | 示例指令 |
|---|---|---|
| 📎 文件发送 | 图片预览、音频卡片(内嵌播放器)、视频封面、文档发送 | "把这首哈萨克语歌曲用卡片形式发到飞书" |
| 📅 日历 | 日程 CRUD、会议室预约、忙闲查询 | "帮我预约明天下午的 8 楼大会议室" |
| ✅ 审批 | 发起/查询/同意/拒绝/转交审批 | "帮我发起一个出差审批" |
| 📊 多维表格 | 表格创建、记录增删改查 | "在项目跟踪表中新增一条任务" |
| 👥 通讯录 | 用户/部门查询、组织架构浏览 | "查一下市场部有哪些成员" |
| ⏰ 考勤 | 打卡记录、补卡查询、考勤组管理 | "查看我这周的打卡记录" |
🆕 增强特性
🎵 音频卡片支持
- 自动转换为 OPUS 格式
- 内嵌播放器(进度条 + 时间显示)
- 飞书客户端 V7.49+ 支持
🖼️ 图片预览
- 直接预览显示,无需点击
🌐 UTF-8 编码机制
- 所有文本内容自动使用 UTF-8 编码
- 支持中文、哈萨克语、阿拉伯语等多语言
- 避免乱码问题
📦 安装
claw skill install gamma/feishu-supertoolkit
⚙️ 配置
1. 设置环境变量
export FEISHU_APP_ID="cli_a93078949238dbb3"
export FEISHU_APP_SECRET="AVJVZYEdlVIPtF8G50aDPdiXIiJXmWyX"
2. 启动服务
cd server/
uv venv && uv pip install -e ".[dev]"
uv run --env-file .env uvicorn feishu_supertoolkit.main:app --host 127.0.0.1 --port 8002
3. 验证
curl http://127.0.0.1:8002/ping
# {"message": "pong"}
🔐 权限清单
| 模块 | 权限标识 | 说明 |
|---|---|---|
| 文件发送 | im:message:send_as_bot |
发送消息 |
| 文件发送 | im:file:upload |
上传文件 |
| 日历 | calendar:calendar |
读写日历及日程 |
| 日历 | vc:room:readonly |
查询会议室 |
| 审批 | approval:approval |
读写审批信息 |
| 审批 | approval:task |
审批人操作 |
| 多维表格 | bitable:app |
读写多维表格 |
| 多维表格 | drive:drive |
访问云空间 |
| 通讯录 | contact:contact.base:readonly |
读取通讯录 |
| 考勤 | attendance:task:readonly |
导出打卡数据 |
📖 详细文档
🔗 相关资源
📝 更新日志
- v1.0.0 (2026-03-26) - 初始版本
- 合并
official/feishu-toolkit和feishu-file-sender - 增强消息模块(音频卡片、图片预览)
- 添加 UTF-8 编码机制
- 支持多语言(中文、哈萨克语、阿拉伯语)
- 合并
Usage Guidance
This package appears to be what it claims: a Feishu integration toolkit. Before installing, consider the following: (1) Protect FEISHU_APP_SECRET — the service uses it to obtain tenant access tokens with broad API access (contacts, attendance, approvals, etc.). Use the least-privilege app credentials you can. (2) The messaging endpoints accept a local file_path and will read files as the process user — do not call those endpoints with paths to sensitive files, and avoid exposing the server to untrusted networks. (3) The service uses ffmpeg/ffprobe to transcode and probe audio — keep those binaries patched. (4) The SKILL.md shows installing a Homebrew 'uv' formula; verify that the 'uv' package is the intended/trusted tool in your environment before installing. (5) Run the service bound to 127.0.0.1 (as instructed) and avoid exposing it publicly because the app enables permissive CORS. If you need higher assurance, review the included Python source files yourself (they are present and correspond to the described features).
Capability Analysis
Type: OpenClaw Skill
Name: gamma-feishu-supertoolkit
Version: 1.0.0
The skill bundle contains hardcoded Feishu API credentials (FEISHU_APP_ID and FEISHU_APP_SECRET) within the SKILL.md documentation, which is a significant security risk. Additionally, the messaging_api.py file implements a 'send-file' endpoint that accepts an unvalidated 'file_path' parameter, creating an arbitrary file read vulnerability that allows the AI agent to access and exfiltrate any file from the host system to Feishu. While these behaviors align with the stated purpose of a Feishu toolkit, the combination of leaked credentials and high-risk file access capabilities poses a substantial threat to the host environment.
Capability Assessment
Purpose & Capability
Name/description (Feishu toolkit: messaging, calendar, approvals, bitable, contacts, attendance) matches the code and declared requirements. Required env vars (FEISHU_APP_ID, FEISHU_APP_SECRET) are exactly what a Feishu tenant integration needs. Required binaries (python/pip and ffmpeg) are justified (Python for the FastAPI service; ffmpeg/ffprobe for audio conversion/duration). The 'uv' binary requirement and brew formula are unusual but consistent with the provided SKILL.md which uses a 'uv' wrapper to manage virtualenv and run uvicorn.
Instruction Scope
SKILL.md instructs to set FEISHU_APP_ID/SECRET and start a local FastAPI service; the code only uses those creds for Feishu API calls. The messaging endpoints accept a 'file_path' which will cause the server to read local files — this is expected for a file-sender but means the running service can read any file the process user can access if a caller submits that path. The SKILL.md does not instruct reading other system files or unrelated environment variables. No hidden external endpoints were observed; all network calls target open.feishu.cn.
Install Mechanism
Install uses Homebrew to install a formula named 'uv' and pip to install Python dependencies (requests, requests-toolbelt) — pip dependencies are normal and listed in pyproject.toml. A Homebrew formula is a traceable install source; the formula name 'uv' is uncommon but matches SKILL.md usage. No downloads from untrusted URLs or archive extraction steps were observed.
Credentials
Only FEISHU_APP_ID and FEISHU_APP_SECRET are required and declared; those are proportionate for an app that calls Feishu APIs with tenant access. The code optionally reads FEISHU_APPROVAL_CODES (documented) for convenience but it is not required. Treat FEISHU_APP_SECRET as sensitive and do not share it.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It runs a local web service (FastAPI) listening on 127.0.0.1 per the instructions; however the app enables permissive CORS (allow_origins=["*"]) which could be risky if the service is ever bound to a public interface. Ensure the service is only bound to localhost and not exposed publicly.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gamma-feishu-supertoolkit - After installation, invoke the skill by name or use
/gamma-feishu-supertoolkit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
合并 feishu-toolkit 和 feishu-file-sender,增强消息模块(音频卡片、图片预览),添加 UTF-8 编码机制
Metadata
Frequently Asked Questions
What is Feishu SuperToolkit?
飞书超级工具包 - 集成文件发送(含音频卡片)、日历、审批、多维表格、通讯录、考勤六大模块. It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.
How do I install Feishu SuperToolkit?
Run "/install gamma-feishu-supertoolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Feishu SuperToolkit free?
Yes, Feishu SuperToolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Feishu SuperToolkit support?
Feishu SuperToolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Feishu SuperToolkit?
It is built and maintained by ayden76 (@ayden76); the current version is v1.0.0.
More Skills