noir-hedgehog

Feishu Open Platform API (飞书开放平台 API)

by Noir · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
74 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install feishu-api
Description
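Feishu Open Platform API skill. Used to: (1) call the Feishu open APIs for operations the plugin does not cover (such as batch writes, permission management, and folder operations); (2) implement the OAuth user authorization flow; (3) process data in batches. When the user mentions the Feishu API, the Feishu Open Platform, OAuth authorization, user_access_token, or needs to batch-operate on Feishu data (Bitable batch...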
README (SKILL.md)

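Feishu Open Platform API

This skill provides the ability to call the Feishu open APIs directly, as a complement to the Feishu plugin tools.

Core concepts

Authentication methods

Type | Purpose | Validity
tenant_access_token | Call APIs with the app's identity | 2 hours
user_access_token | Act on behalf of a user | Short-lived; must be refreshed

Important: no script may hard-code app_id, app_secret, or access_token. Read them from a configuration file or use environment variables.

Reading credentials

Feishu credentials are stored in ~/.openclaw/openclaw.json under channels.feishu: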

import json
with open('/root/.openclaw/openclaw.json') as f:
    config = json.load(f)
feishu_cfg = config.get('channels', {}).get('feishu', {})
APP_ID = feishu_cfg.get('appId', '')
APP_SECRET = feishu_cfg.get('appSecret', '')

Typical workflow

1. Get a token

import ssl, urllib.request, json

def get_app_access_token(app_id, app_secret):
    url = 'https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal'
    data = json.dumps({'app_id': app_id, 'app_secret': app_secret}).encode()
    req = urllib.request.Request(url, data=data, method='POST')
    req.add_header('Content-Type', 'application/json')
    ctx = ssl._create_unverified_context()
    with urllib.request.urlopen(req, context=ctx, timeout=10) as r:
        return json.loads(r.read()).get('tenant_access_token')

2. Call the API

def call_feishu_api(url, method, token, payload=None):
    ctx = ssl._create_unverified_context()
    data = json.dumps(payload, ensure_ascii=False).encode() if payload else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header('Authorization', f'Bearer {token}')
    req.add_header('Content-Type', 'application/json')
    with urllib.request.urlopen(req, context=ctx, timeout=30) as r:
        return json.loads(r.read())

3. Batch operations on Bitable

# Batch-create records
url = f'https://open.feishu.cn/open-apis/bitable/v1/apps/{app_token}/tables/{table_id}/records/batch_create'
payload = {'records': [{'fields': {'字段名': '值'}} for item in items]}
result = call_feishu_api(url, 'POST', token, payload)

# Batch-delete records
url = f'https://open.feishu.cn/open-apis/bitable/v1/apps/{app_token}/tables/{table_id}/records/batch_delete'
payload = {'records': ['record_id_1', 'record_id_2']}
result = call_feishu_api(url, 'POST', token, payload)

4. Permission management

# Add a collaborator
url = f'https://open.feishu.cn/open-apis/drive/v1/permissions/{file_token}/members?type=bitable'
payload = {
    'member_type': 'openid',      # or email, userid, unionid
    'member_id': 'ou_xxx',        # the user's open_id
    'perm': 'edit'                 # view | edit | full_access
}
result = call_feishu_api(url, 'POST', token, payload)

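Common API endpoints

Function | Endpoint
Batch-create Bitable records | POST /bitable/v1/apps/{app_token}/tables/{table_id}/records/batch_create
Batch-delete Bitable records | POST /bitable/v1/apps/{app_token}/tables/{table_id}/records/batch_delete
Update a record | PUT /bitable/v1/apps/{app_token}/tables/{table_id}/records/{record_id}
Add a permission member | POST /drive/v1/permissions/{file_token}/members?type={type}
List permission members | GET /drive/v1/permissions/{file_token}/members?type={type}
Create a folder | POST /drive/v1/files/create_folder
Move a file | POST /drive/v1/files/{file_token}/move
Upload a file | POST /drive/v1/files/upload_all

Detailed reference

Data security guidelines

  1. Do not hard-code credentials - always read them from the configuration file
  2. Do not output sensitive information - do not print tokens, secrets, and the like
  3. Least privilege - request only the permission scopes you need
  4. Refresh regularly - refresh tokens before they expire

Rate limits

  • Regular APIs: 10 requests per second per app
  • File upload: 60 times per minute per app
  • Batch endpoints: at most 50 records per batch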
Usage Guidance
Before installing, consider these points:
  • The skill will try to read Feishu credentials from a local config file (examples show '/root/.openclaw/openclaw.json' and '~/.openclaw/openclaw.json') but the package metadata doesn't declare that config path or any required secrets — ask the author to declare required config paths or accept credentials via environment variables instead.
  • The Python code disables TLS certificate verification (ssl._create_unverified_context), which makes network traffic vulnerable to MITM; require fixing this to verify certificates in production.
  • Verify the script's file-reading behavior and that it won't attempt to access other sensitive files. The hardcoded /root path is unusual — confirm it will work under your agent user and won't leak other system files.
  • Inspect and test the file-upload implementation (references/drive.md) — it builds multipart payloads by interpolating binary data into strings which can corrupt binary uploads and may be memory-inefficient.
  • Ask the maintainer to: (1) declare required config paths or env vars in metadata, (2) remove unverified SSL contexts, (3) support configurable credential locations (env vars or explicit config parameter) instead of fixed '/root' paths, and (4) document expected permissions/scopes for OAuth.
  • If you must use it now, run it in a restricted environment, audit the openclaw.json contents, and avoid running with elevated privileges until these issues are resolved.
These issues look like sloppy engineering rather than clearly malicious intent, but they increase risk — require the fixes above or more information from the author before trusting the skill.
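A hardened form of the credential loading and token request, applying the fixes requested above: certificate verification stays on and the credential location is configurable. This is an added example, not the skill's own code; the environment variable names FEISHU_APP_ID, FEISHU_APP_SECRET and OPENCLAW_CONFIG and all function names are assumptions made for illustration.

```python
import json
import os
import ssl
import urllib.request
from pathlib import Path

# Hypothetical names chosen for this example; the skill does not define them.
ENV_APP_ID = "FEISHU_APP_ID"
ENV_APP_SECRET = "FEISHU_APP_SECRET"
ENV_CONFIG_PATH = "OPENCLAW_CONFIG"
DEFAULT_CONFIG = "~/.openclaw/openclaw.json"  # path named in SKILL.md
TOKEN_URL = "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal"


def load_credentials(env=None, config_path=None):
    """Return (app_id, app_secret): environment first, then the config file."""
    env = os.environ if env is None else env
    app_id, app_secret = env.get(ENV_APP_ID), env.get(ENV_APP_SECRET)
    if app_id and app_secret:
        return app_id, app_secret
    # Resolve against the current user's home, never a fixed /root path.
    path = Path(config_path or env.get(ENV_CONFIG_PATH) or DEFAULT_CONFIG).expanduser()
    with open(path, encoding="utf-8") as f:
        cfg = json.load(f).get("channels", {}).get("feishu", {})
    app_id, app_secret = cfg.get("appId"), cfg.get("appSecret")
    if not (app_id and app_secret):
        raise ValueError(f"channels.feishu.appId/appSecret missing in {path}")
    return app_id, app_secret


def verified_context():
    """TLS context that validates the certificate chain and the hostname."""
    return ssl.create_default_context()


def build_token_request(app_id, app_secret):
    """Prepare the tenant_access_token request without sending it."""
    body = json.dumps({"app_id": app_id, "app_secret": app_secret}).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


def get_tenant_access_token(app_id, app_secret):
    """Same call as SKILL.md's get_app_access_token, with verification on."""
    req = build_token_request(app_id, app_secret)
    with urllib.request.urlopen(req, context=verified_context(), timeout=10) as r:
        return json.loads(r.read()).get("tenant_access_token")
```

With the default context, a certificate that fails chain or hostname validation makes urlopen raise an error instead of sending the app secret to an unauthenticated peer.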
Capability Analysis
Type: OpenClaw Skill Name: feishu-api Version: 1.0.0 The skill provides functional Feishu API integration but contains a significant security vulnerability by explicitly disabling SSL certificate verification (using ssl._create_unverified_context) in scripts/feishu_utils.py and SKILL.md, making the agent susceptible to Man-in-the-Middle (MITM) attacks. Additionally, it targets a specific sensitive configuration path (/root/.openclaw/openclaw.json) to retrieve credentials. While these practices are high-risk and insecure, there is no clear evidence of intentional malice or data exfiltration to non-Feishu domains.
Capability Tags
requires-oauth-token, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description claim Feishu API and OAuth handling which matches the provided code and docs, but the skill expects credentials in a local config file (~/.openclaw/openclaw.json / /root/.openclaw/openclaw.json) while the registry metadata declares no required config paths or credentials — this mismatch is unexpected and should have been declared.
Instruction Scope
SKILL.md and the included scripts instruct the agent to read a specific local file (/root/.openclaw/openclaw.json) for secrets and to perform network calls to Feishu endpoints — these are coherent with the Feishu purpose, but the instructions also embed use of ssl._create_unverified_context() (disables TLS verification) in multiple request functions, which weakens transport security and is a notable security concern.
Install Mechanism
There is no install spec (instruction-only plus utility script). No remote downloads or third-party package installs are requested, which lowers supply-chain risk.
Credentials
The skill asks to read sensitive credentials from a local configuration file but declares no required env vars or config paths in metadata. Also the code uses an absolute '/root/.openclaw/openclaw.json' path (and SKILL.md refers to '~/.openclaw'), which is inconsistent and may imply elevated filesystem expectations. Secrets access is not explicitly declared/justified in the registry metadata.
Persistence & Privilege
always:false and model invocation not disabled (normal). The skill does not request persistent platform-wide privileges or modify other skills; no elevated 'always' privilege is present.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install feishu-api
  3. After installation, invoke the skill by name or use /feishu-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: includes the OAuth flow, Bitable batch operations, cloud document permission management, and utility scripts
Metadata
Slug feishu-api
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

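What is Feishu Open Platform API?

Feishu Open Platform API skill. Used to: (1) call the Feishu open APIs for operations the plugin does not cover (such as batch writes, permission management, and folder operations); (2) implement the OAuth user authorization flow; (3) process data in batches. When the user mentions the Feishu API, the Feishu Open Platform, OAuth authorization, user_access_token, or needs to batch-operate on Feishu data (Bitable batch... It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install Feishu Open Platform API?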

Run "/install feishu-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Feishu Open Platform API free?

Yes, Feishu Open Platform API is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Feishu Open Platform API support?

Feishu Open Platform API is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Feishu Open Platform API?

It is built and maintained by Noir (@noir-hedgehog); the current version is v1.0.0.
