wodenwang

Feishu Chat Server API

by woden · GitHub ↗ · v0.1.3 · MIT-0
darwin · linux · ⚠ suspicious
129 Downloads · 0 Stars · 1 Active Installs · 4 Versions
Install in OpenClaw
/install feishu-chat-server-api
Description
Manage Feishu group chats through Feishu server APIs, including create, get details, list members, add members, remove members, and disband chats.
README (SKILL.md)

Feishu Chat Server API

This skill handles Feishu group chat management. It currently covers the following actions:

  • feishu-chat-create
  • feishu-chat-get
  • feishu-chat-members-list
  • feishu-chat-member-add
  • feishu-chat-member-remove
  • feishu-chat-disband

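When to use

Use this skill when the user's request concerns the Feishu group chat itself, for example:

  • Create a new group chat
  • View the details of a group chat
  • List group members
  • Add people to a group
  • Remove people from a group
  • Disband a group

If the user is asking for message sending, cards, documents, Bitable, approvals, or similar capabilities, do not use this skill; route to the corresponding module-level skill instead.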

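Routing rules

Choose the specific action according to the user's intent:

  • Create a group: feishu-chat-create
  • Get group details: feishu-chat-get
  • Get the group member list: feishu-chat-members-list
  • Add people to a group: feishu-chat-member-add
  • Remove a group member: feishu-chat-member-remove
  • Disband a group: feishu-chat-disband

Do not confuse "removing one member" with "disbanding the whole group".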

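Common inputs

Credentials are resolved in the following order of priority:

  1. app_id / app_secret passed explicitly to the action
  2. .local/feishu-extension-skills.json in the current working directory
  3. The environment variables FEISHU_APP_ID / FEISHU_APP_SECRET

If none of these three layers yields credentials, the call fails.

You can also pass --config-file /path/to/file.json in the invocation command to specify the local configuration file path explicitly.

Group-related actions also need the following, depending on the scenario:

  • chat_id
  • name
  • user_id_list
  • member_id

Constraints:

  • Only Feishu user_id / open_id values are accepted
  • Do not guess the user ID that corresponds to an email address, phone number, or name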

Invocation commands

Unified entry point:

uvx --from git+https://github.com/wodenwang/feishu-extension-skills.git feishu-extension-skills invoke <action> --args-json '<json>'

ClawHub install:

clawhub install feishu-chat-server-api

Example local configuration file:

{
  "app_id": "cli_xxx",
  "app_secret": "sec_xxx"
}

Examples:

uvx --from git+https://github.com/wodenwang/feishu-extension-skills.git feishu-extension-skills invoke feishu-chat-create --args-json '{"app_id":"cli_xxx","app_secret":"sec_xxx","name":"项目临时群","user_id_list":["ou_xxx","ou_yyy"]}'
uvx --from git+https://github.com/wodenwang/feishu-extension-skills.git feishu-extension-skills invoke feishu-chat-member-add --args-json '{"app_id":"cli_xxx","app_secret":"sec_xxx","chat_id":"oc_xxx","user_id_list":["ou_xxx"]}'

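Not yet covered

This skill does not yet wrap the following group governance APIs:

  • Update group information
  • Update group speaking permissions
  • Get group members' speaking permissions
  • Update / remove the group's pinned top notice
  • List the groups a user or bot belongs to
  • Search the list of visible groups
  • Get the group share link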
Usage Guidance
What to check before installing:

  • Confirm which CLI is required: the SKILL.md uses 'uvx' but the manifest/install references 'uv'; verify the correct binary and its origin.
  • Inspect the GitHub repository (https://github.com/wodenwang/feishu-extension-skills) before use: the runtime examples pull and execute code from that repo (git+https). Running externally fetched code with your Feishu credentials could exfiltrate secrets.
  • Avoid passing app_secret on the command line; prefer environment variables or a secured config file, and protect local config (.local/feishu-extension-skills.json).
  • Verify the brew formula 'uv' is the intended, trusted package and whether it provides 'uvx' behavior; if not, the install spec is incomplete/misleading.
  • If you need stronger assurance, ask the publisher for the exact code bundle the skill will execute (or include the code in the skill package) and ensure the agent runs it in a restricted environment.

Until these issues are resolved, treat this skill as potentially risky and consider not enabling autonomous invocation.
Capability Analysis
Type: OpenClaw Skill
Name: feishu-chat-server-api
Version: 0.1.3

The skill acts as a wrapper that instructs the agent to execute remote code via 'uvx' from a GitHub repository (github.com/wodenwang/feishu-extension-skills.git) rather than providing local logic. While this behavior is plausibly intended for its stated purpose of Feishu API management, the pattern of fetching and running remote payloads at runtime is a high-risk execution model that facilitates supply chain attacks. No explicit malicious intent or data exfiltration was found in the provided SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
The skill claims to manage Feishu chats and expects Feishu app_id/app_secret at runtime, which is appropriate. However registry metadata requires the 'uv' binary while the runtime examples call 'uvx' (different binary). The skill also does not declare FEISHU_APP_ID/FEISHU_APP_SECRET in its manifest even though SKILL.md references them as credential fallbacks. These mismatches reduce confidence that the declared requirements accurately reflect what will actually run.
Instruction Scope
SKILL.md instructs calls like `uvx --from git+https://github.com/wodenwang/feishu-extension-skills.git ... invoke <action> --args-json '<json>'`. That means the agent will fetch and execute code from a GitHub repo at runtime rather than using only the shipped skill bundle. The docs also show passing app_secret on the command line (exposed to shell history/process list). The skill instructs where to read credentials (explicit args, .local/feishu-extension-skills.json, or ENV), which is reasonable, but the dynamic fetching+execution of remote code combined with CLI-passed secrets is a notable risk.
Install Mechanism
The manifest provides a brew install for formula 'uv' (low-risk installer), but the runtime examples call 'uvx' and use a --from git+https source to pull the extension at invocation time. The install spec does not cover the dynamic git+https fetch; executing code pulled from a remote repository at runtime increases attack surface. Also the referenced brew formula name and the binary name used in examples don't match.
Credentials
The only credentials needed for Feishu operations are app_id/app_secret, which the SKILL.md documents as required in either arguments, a local config file, or environment variables — this is proportionate. However the manifest does not declare FEISHU_APP_ID/FEISHU_APP_SECRET even though the instructions reference them. Also the examples encourage passing secrets in command-line JSON, which risks exposure (shell history, process list).
Persistence & Privilege
The skill does not request always:true and is user-invocable only (good). However the agent is allowed to invoke the skill autonomously (default), and because the skill's instructions fetch and run remote code, autonomous invocation would increase blast radius. Consider limiting autonomous use until the external code provenance is verified.
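The two risks this assessment flags (code fetched from git+https at run time, and app_secret passed in --args-json) can be checked mechanically before an agent is allowed to run a command. The following is an added example, not code from the skill or its repository; the rule that only a 40-hex commit counts as pinned, the all-zero placeholder commit, and the position of --config-file in the second sample are assumptions.

```python
import json
import re
import shlex

# Assumption: only a full 40-hex commit SHA after "@" counts as pinned;
# branch and tag names can be moved, so they are treated as unpinned.
PINNED_REF = re.compile(r"@[0-9a-f]{40}$")
SECRET_KEYS = {"app_secret"}  # key name used in the page's examples

REPO = "git+https://github.com/wodenwang/feishu-extension-skills.git"

# Constructed sample: same shape as the README's example invocation.
SAMPLE_UNSAFE = (
    f"uvx --from {REPO} feishu-extension-skills invoke feishu-chat-member-add "
    """--args-json '{"app_id":"cli_xxx","app_secret":"sec_xxx","""
    """"chat_id":"oc_xxx","user_id_list":["ou_xxx"]}'"""
)
# Constructed sample: placeholder commit (all zeros), credentials kept in a file.
SAMPLE_SAFER = (
    f"uvx --from {REPO}@{'0' * 40} feishu-extension-skills invoke feishu-chat-get "
    """--config-file /path/to/file.json --args-json '{"chat_id":"oc_xxx"}'"""
)


def audit_invocation(command: str) -> list[str]:
    """Return findings for one `uvx ... invoke` command line.

    Handles the space-separated `--from X` / `--args-json X` form shown on the page.
    """
    findings = []
    argv = shlex.split(command)
    for i, arg in enumerate(argv):
        value = argv[i + 1] if i + 1 < len(argv) else ""
        if arg == "--from" and value.startswith("git+"):
            source = value.split("#", 1)[0]  # drop any URL fragment
            if not PINNED_REF.search(source):
                findings.append("unpinned-remote-source")
        elif arg == "--args-json":
            try:
                payload = json.loads(value)
            except json.JSONDecodeError:
                findings.append("unparseable-args-json")
                continue
            if isinstance(payload, dict) and SECRET_KEYS & payload.keys():
                findings.append("secret-on-command-line")
    return findings


if __name__ == "__main__":
    for cmd in (SAMPLE_UNSAFE, SAMPLE_SAFER):
        print(audit_invocation(cmd) or "no findings")
```

A check like this fits in an agent's command allow-list or a pre-execution hook, so that unpinned sources and inline secrets are rejected before the command reaches a shell.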
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install feishu-chat-server-api
  3. After installation, invoke the skill by name or use /feishu-chat-server-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
Add --config-file support for local auth config
v0.1.2
Add local config fallback for app credentials
v0.1.1
Sanitize docs and localize UAT secrets handling
v0.1.0
Initial ClawHub release for Feishu Chat Server API
Metadata
Slug feishu-chat-server-api
Version 0.1.3
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is Feishu Chat Server API?

Manage Feishu group chats through Feishu server APIs, including create, get details, list members, add members, remove members, and disband chats. It is an AI Agent Skill for Claude Code / OpenClaw, with 129 downloads so far.

How do I install Feishu Chat Server API?

Run "/install feishu-chat-server-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Feishu Chat Server API free?

Yes, Feishu Chat Server API is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Feishu Chat Server API support?

Feishu Chat Server API is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).

Who created Feishu Chat Server API?

It is built and maintained by woden (@wodenwang); the current version is v0.1.3.
