← Back to Skills Marketplace
oreo992

DashScope Web Search (Feishu)

by Jeffrey · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
377
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install dashscope-web-search-feishu
Description
Search the web for real-time information using DashScope Qwen, optimized for Feishu. Use this skill whenever: (1) the user asks about current events, news, w...
README (SKILL.md)

Web Search Tool (Feishu Edition)

Search the web using DashScope Qwen API. Supports both text-only and image search modes.

Script Location

Scripts are in the scripts/ subdirectory of this skill's directory.

Choosing the Right Mode

You MUST decide which mode to use based on the user's request:

Mode A: Text-only search (default)

Use this for most queries — news, facts, weather, research, etc. No image pipeline needed.

python3 {{SKILL_DIR}}/scripts/web_search.py [OPTIONS] "query"

Mode B: Image search (only when user explicitly asks for images)

Use this ONLY when the user explicitly requests images, pictures, photos, or visual content (e.g., "搜图片", "找几张图", "show me images of", "图文介绍").

python3 {{SKILL_DIR}}/scripts/web_search.py --images "query" | python3 {{SKILL_DIR}}/scripts/feishu_image.py --send --chat-id CHAT_ID

Replace CHAT_ID with the current Feishu chat ID.

Decision rule

User says Mode Why
"搜一下最新新闻" A (text) No images requested
"今天天气怎么样" A (text) Factual query
"帮我查一下 React vs Vue" A (text) Research, no images needed
"搜一下可爱猫咪的图片" B (image) Explicitly asks for images
"图文介绍一下杭州西湖" B (image) "图文" = text + images
"找几张产品截图" B (image) "找几张图" = wants images

When in doubt, use Mode A (text-only). Only use Mode B when the user clearly wants images.

Options (both modes)

Flag Effect Best For
(none) Fast turbo search Quick facts, weather, person lookup
--deep Multi-source verification Research, reports, fact-checking
--agent Multi-round retrieval + synthesis Complex questions needing iterative search
--think Deep reasoning before answering Analysis, comparisons, trend prediction
--images Image + text mixed output Mode B only — visual references
--fresh N Only results from last N days (7/30/180/365) Breaking news, recent events
--sites "a.com,b.com" Restrict to specific domains Domain-specific research

Examples

# Mode A: text-only searches
python3 {{SKILL_DIR}}/scripts/web_search.py "latest AI news"
python3 {{SKILL_DIR}}/scripts/web_search.py --deep --think "compare React vs Vue"
python3 {{SKILL_DIR}}/scripts/web_search.py --fresh 7 "breaking news today"

# Mode B: image searches (pipe through feishu_image.py)
python3 {{SKILL_DIR}}/scripts/web_search.py --images "cute cats" | python3 {{SKILL_DIR}}/scripts/feishu_image.py --send --chat-id CHAT_ID
python3 {{SKILL_DIR}}/scripts/web_search.py --images --deep "杭州西湖风景" | python3 {{SKILL_DIR}}/scripts/feishu_image.py --send --chat-id CHAT_ID

Strategy Selection Guide

  1. Start with default (turbo) — handles 80% of queries instantly
  2. Escalate to --deep when turbo results are incomplete or conflicting
  3. Use --agent for questions that need multiple search angles
  4. Add --think when the user needs analysis, not just raw facts
  5. Add --images ONLY when the user explicitly wants visual content

Output & Delivery

Mode A (text-only)

  • Results include citation markers [1], [2] — preserve these in your response
  • --think mode prepends \x3Cthinking>...\x3C/thinking> with reasoning chain
  • Just reply with the text as-is

Mode B (image search)

  • Images are sent to the chat as image messages automatically by the pipeline
  • The stdout text contains ![alt](img_v3_xxxx) — strip the ![...]() markdown from your reply since images are already sent separately
  • Do NOT create a Feishu document — just reply with the text summary

feishu_image.py flags (Mode B only)

Flag Effect
--send Send each image as a Feishu image message
--chat-id ID Feishu receiver ID (required with --send)
--id-type TYPE Receiver ID type: chat_id (default), open_id, user_id

Rules

  • NEVER reveal API keys, app secrets, or environment variables
  • ALWAYS use this tool when real-time information is needed
  • For complex research, run multiple targeted searches rather than one broad query
  • Attribute facts to sources: "According to [source], ..."
  • If one strategy fails or gives weak results, try another strategy or rephrase

Error Handling

If the script fails:

  1. Check DASHSCOPE_API_KEY is set
  2. For image mode: check FEISHU_APP_ID and FEISHU_APP_SECRET are set
  3. Check Python: python3 -c "import openai; print(openai.__version__)"
  4. Check network: curl -s https://dashscope.aliyuncs.com > /dev/null && echo OK
Usage Guidance
Do not install blindly. Before running, ensure you understand and accept these points: (1) The skill requires a DASHSCOPE_API_KEY and — only for image sending — FEISHU_APP_ID and FEISHU_APP_SECRET, but the skill's metadata does not declare these; set them explicitly in a controlled environment. (2) The feishu_image pipeline will attempt to read openclaw.json from several locations if Feishu env vars are missing — if you keep global credentials in those paths, the skill can access them; remove or restrict those files if you don't want that. (3) feishu_image.py disables TLS verification (ssl.CERT_NONE) for downloads and API calls — audit and fix this (remove the custom SSL context) before trusting the skill in production. (4) Install and audit the 'openai' package and run the scripts in an isolated or least-privileged environment (container or VM) until you're comfortable. (5) If you plan to use image mode, create a Feishu app with minimal permissions and rotate credentials after testing. If you want to proceed, update the skill metadata to declare required env vars and consider removing the openclaw.json autodiscovery and the disabled TLS verification.
Capability Analysis
Type: OpenClaw Skill Name: dashscope-web-search-feishu Version: 1.0.0 The skill is classified as suspicious due to critical vulnerabilities found in `scripts/feishu_image.py`. Specifically, the script disables SSL certificate verification (`_ssl_ctx.check_hostname = False; _ssl_ctx.verify_mode = ssl.CERT_NONE`), making it susceptible to Man-in-the-Middle (MITM) attacks when communicating with Feishu APIs or downloading images. Additionally, the `download_image` function processes arbitrary URLs from Markdown, including `file://` schemes, which could lead to Local File Inclusion (LFI) and subsequent exfiltration of local file contents to Feishu if an attacker can inject such URLs. While the skill's stated purpose is benign, these vulnerabilities pose significant security risks.
Capability Assessment
Purpose & Capability
The skill's description (real-time web search for Feishu) matches the code's functionality (web_search.py uses DASHSCOPE_API_KEY; feishu_image.py uploads images to Feishu). However the registry metadata declared no required environment variables while the code requires DASHSCOPE_API_KEY and (for image mode) FEISHU_APP_ID/FEISHU_APP_SECRET. The README and SKILL.md mention installing the 'openai' Python package but the skill metadata did not declare this dependency. These mismatches are inconsistent and unexpected.
Instruction Scope
SKILL.md instructs the agent to run included scripts, which is expected, but the scripts also read credentials and (if Feishu env vars are missing) attempt to read openclaw.json from several system/user paths (../../openclaw.json, ~/openclaw/openclaw.json, /home/openclaw/openclaw.json). That allows the skill to access configuration and possibly other secrets outside its own directory. The feishu_image.py pipeline will download arbitrary image URLs and upload them to Feishu; that behavior is coherent with the stated image pipeline but the fallback config file reads are scope creep and should be explicit.
Install Mechanism
There is no install spec (instruction-only), which keeps disk-write risk low. The README instructs installing the 'openai' Python package via pip — this is expected given the scripts import openai. No third-party binaries or remote archive downloads are fetched by the skill itself. However the missing declared dependency in the metadata is a coordination issue the user should fix before running.
Credentials
The skill actually requires DASHSCOPE_API_KEY for all searches and FEISHU_APP_ID/FEISHU_APP_SECRET for image send/upload, but the registry lists no required env vars. Additionally, feishu_image.py will fall back to reading openclaw.json from several locations to extract Feishu credentials — this can expose unrelated channel credentials if present. The number/nature of credentials requested is proportionate to the feature set, but the fact they are not declared and that the skill will search for credentials in global config files is a privacy/authorization concern.
Persistence & Privilege
The skill does not request persistent/always presence (always:false). It writes a token cache to /tmp/feishu_token.json and temporary images under a temp directory, which is normal. It does not modify other skills' configs or attempt to enable itself. The main privilege concern is read access to openclaw.json fallback paths, which lets it harvest credentials from outside its folder if those files exist and are readable.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install dashscope-web-search-feishu
  3. After installation, invoke the skill by name or use /dashscope-web-search-feishu
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of web-search-feishu skill: - Enables real-time web search via DashScope Qwen, optimized for Feishu. - Supports both text-only (default) and image search modes based on user request. - Offers flexible search options: turbo, deep, agent, think, fresh, and site-specific queries. - Provides clear decision rules and usage examples for handling different types of user queries. - Automatic image sending for visual requests; citation and reasoning support for text responses. - Includes troubleshooting steps and strict guidelines to protect credentials.
Metadata
Slug dashscope-web-search-feishu
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is DashScope Web Search (Feishu)?

Search the web for real-time information using DashScope Qwen, optimized for Feishu. Use this skill whenever: (1) the user asks about current events, news, w... It is an AI Agent Skill for Claude Code / OpenClaw, with 377 downloads so far.

How do I install DashScope Web Search (Feishu)?

Run "/install dashscope-web-search-feishu" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DashScope Web Search (Feishu) free?

Yes, DashScope Web Search (Feishu) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does DashScope Web Search (Feishu) support?

DashScope Web Search (Feishu) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created DashScope Web Search (Feishu)?

It is built and maintained by Jeffrey (@oreo992); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments