← Back to Skills Marketplace
systransform88

OpenClaw Feishu Message

by systransform88 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
89
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-feishu-message
Description
Send Feishu/Lark direct messages and work follow-ups from OpenClaw. Use when the user wants to search for a person in Feishu/Lark, resolve a user, create a 1...
Usage Guidance
This plugin appears to do what it says (look up Feishu contacts and send bot messages), but review these items before installing: - Inspect data/contact-cache.json: it contains many email addresses and phone numbers bundled with the plugin. Remove or sanitize this file if it contains PII you don't want included. - Confirm where Feishu credentials will come from: the plugin reads your OpenClaw config (~/.openclaw/openclaw.json) or the file pointed to by OPENCLAW_CONFIG_PATH to find appId/appSecret. If you don't want the plugin to read that file, do not install or set a safe OPENCLAW_CONFIG_PATH. - The cache path is hardcoded to /root/.openclaw/workspace/..., which may be inappropriate for your environment. If you run as a non-root user or in a constrained environment, ask the plugin author to make the data directory configurable or to use a runtime-provided workspace path. - Verify the Feishu appId/appSecret and tenant scopes before granting them (employee lookup, chat creation, and bot-send scopes are needed). Consider creating a limited-scope bot account for this plugin. If these concerns are acceptable or addressed (configuration of cache path, removal of bundled PII, and clear credential management), the plugin's behavior is consistent with its stated purpose. Otherwise treat it as potentially risky and request changes from the publisher.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-feishu-message Version: 0.1.0 The skill bundle provides legitimate integration with Feishu/Lark for contact lookup and messaging. It demonstrates good security practices by implementing a secret redaction utility in `src/errors.js` to prevent credential leakage in logs and uses Zod for strict input validation in `src/tool-feishu-message.js`. While the bundle includes a pre-populated cache file (`data/contact-cache.json`) containing PII such as names and emails, this appears to be residual test data or stateful configuration rather than an intentional attempt at data exfiltration or malice.
Capability Assessment
Purpose & Capability
Name/description align with the code: the package uses the official Feishu/Lark SDK to look up employees, create chats, and send messages. The included client, search, send, and cache logic are coherent with a messaging/contact-resolution tool. However, the plugin bundles a pre-populated contact-cache.json (contains many email addresses and phone numbers) and hardcodes a data directory under /root/.openclaw/workspace/plugins/openclaw-feishu-message/data, which is more persistent and invasive than the registry metadata suggested (the registry showed no required config paths).
Instruction Scope
SKILL.md limits behavior to contact resolution and messaging. The implementation, however, reads persisted OpenClaw config files (~/ .openclaw/openclaw.json or a path pointed to by OPENCLAW_CONFIG_PATH) and will use appId/appSecret from those configs. That file access and the ability to read an arbitrary path via env var are not documented in the registry metadata and broaden the plugin's runtime scope. The pre-populated contact-cache also means the plugin may return or expose local PII that is bundled with the skill.
Install Mechanism
No remote downloads or unusual install steps are present; dependencies are standard npm packages (@larksuiteoapi/node-sdk, openclaw, etc.). There is no explicit install spec in the registry, but the code is standard Node.js and does not fetch arbitrary archives or use URL-shortened sources.
Credentials
The skill declares no required env vars, but at runtime it will look for Feishu credentials in runtime config or a persisted OpenClaw config file and respects OPENCLAW_CONFIG_PATH. Requiring Feishu appId/appSecret is appropriate for its purpose, but the plugin implicitly accesses user config files (and can be pointed at an arbitrary config path via env var). That implicit access should be made explicit to users before install.
Persistence & Privilege
The plugin writes/reads a cache file in a hardcoded directory under /root/.openclaw/workspace/plugins/... which is inflexible and may be inappropriate for non-root runtimes. It also ships with data/contact-cache.json containing many contact entries (emails, phone numbers). While caching contacts is reasonable, bundling third-party PII and using a fixed root-based path increases privacy and operational risk and should be reviewed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-feishu-message
  3. After installation, invoke the skill by name or use /openclaw-feishu-message
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: Feishu/Lark contact lookup, caching, direct messaging, and follow-up actions.
Metadata
Slug openclaw-feishu-message
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw Feishu Message?

Send Feishu/Lark direct messages and work follow-ups from OpenClaw. Use when the user wants to search for a person in Feishu/Lark, resolve a user, create a 1... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.

How do I install OpenClaw Feishu Message?

Run "/install openclaw-feishu-message" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Feishu Message free?

Yes, OpenClaw Feishu Message is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Feishu Message support?

OpenClaw Feishu Message is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Feishu Message?

It is built and maintained by systransform88 (@systransform88); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments