← Back to Skills Marketplace
98
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install feishu-chatfile-skill
Description
飞书发送本地图片和文件技能。支持向飞书私聊(ou_)和群聊(oc_)发送图片(JPEG/PNG/WEBP 等)及文件(PDF/HTML/ZIP 等)。采用官方推荐的两步法(上传获取 key -> 发送消息),确保内容在飞书客户端正常显示并获得最佳体验。
README (SKILL.md)
飞书发图片 & 文件 Skill
强制规则(Feishu channel)
- 任务产出了图片,必须主动发送到当前会话,不等用户催促。
- 用户说"发给我/群里看图"时,必须走脚本,不能只返回本地路径。
- 发送后记录
code、msg、message_id用于排查。
关键:receive_id 前缀判断
| 前缀 | receive_id_type | 场景 |
|---|---|---|
ou_... |
open_id |
私聊(单人) |
oc_... |
chat_id |
群聊 |
脚本已自动判断,不需要手动传 type。
获取凭据
从 OpenClaw 配置读取 app_id / app_secret:
grep -A 2 '"feishu"' /root/.openclaw/openclaw.json | grep -E '(appId|appSecret)'
从 context inbound_meta 获取 receive_id(去掉 user: 前缀保留 ou_... 部分)。
发送图片
方式一:用脚本(推荐)
python3 skills/feishu-send-file/scripts/send_image.py \x3Cimage_path> \x3Creceive_id> \x3Capp_id> \x3Capp_secret> [domain]
参数说明:
image_path:要发送的图片路径(JPEG/PNG/WEBP/GIF/TIFF/BMP/ICO)receive_id:接收者 ID,支持ou_...(私聊)或oc_...(群聊),脚本自动判断类型app_id:飞书应用 ID(从openclaw.json的channels.feishu.appId读取)app_secret:飞书应用密钥(从openclaw.json的channels.feishu.appSecret读取)domain:可选,默认feishu;国际版 Lark 传lark
示例:
# 发个人(ou_...)
python3 skills/feishu-send-file/scripts/send_image.py ./chart.png ou_xxx $APP_ID $APP_SECRET
# 发群(oc_...)
python3 skills/feishu-send-file/scripts/send_image.py ./chart.png oc_xxx $APP_ID $APP_SECRET
# 国际版 Lark
python3 skills/feishu-send-file/scripts/send_image.py ./chart.png ou_xxx $APP_ID $APP_SECRET lark
完整路径示例:
python3 /root/.openclaw/workspace/skills/feishu-send-file/scripts/send_image.py \
/root/myfiles/generated-images/demo.png \
\x3CUSER_RECEIVE_ID> \
\x3CYOUR_APP_ID> \
\x3CYOUR_APP_SECRET>
发送文件
方式一:用脚本(推荐)
python3 skills/feishu-send-file/scripts/send_file.py \x3Cfile_path> \x3Creceive_id> \x3Capp_id> \x3Capp_secret> [file_name]
参数说明:
file_path:要发送的文件路径(HTML/PDF/ZIP/代码文件等)receive_id:接收者 ID,支持ou_...(私聊)或oc_...(群聊),脚本自动判断类型app_id:飞书应用 ID(从openclaw.json的channels.feishu.appId读取)app_secret:飞书应用密钥(从openclaw.json的channels.feishu.appSecret读取)file_name:可选,自定义文件名(不填则用原文件名)
示例:
# 发个人
python3 skills/feishu-send-file/scripts/send_file.py ./report.pdf ou_xxx $APP_ID $APP_SECRET
# 发群
python3 skills/feishu-send-file/scripts/send_file.py ./report.pdf oc_xxx $APP_ID $APP_SECRET
完整路径示例:
python3 /root/.openclaw/workspace/skills/feishu-send-file/scripts/send_file.py \
/root/myfiles/report.html \
\x3CUSER_RECEIVE_ID> \
\x3CYOUR_APP_ID> \
\x3CYOUR_APP_SECRET> \
report.html
方式二:手动两步
Step 1 - 上传文件:
TOKEN=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
-H "Content-Type: application/json" \
-d '{"app_id":"\x3CAPP_ID>","app_secret":"\x3CAPP_SECRET>"}' | python3 -c "import json,sys; print(json.load(sys.stdin)['tenant_access_token'])")
FILE_KEY=$(curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/files" \
-H "Authorization: Bearer $TOKEN" \
-F "file_type=stream" \
-F "file_name=\x3C文件名>" \
-F "file=@\x3C文件路径>" | python3 -c "import json,sys; print(json.load(sys.stdin)['data']['file_key'])")
Step 2 - 发送消息:
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"receive_id\":\"\x3COPEN_ID>\",\"msg_type\":\"file\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}"
脚本底层逻辑说明
发送原理
飞书消息链路中,发送文件或图片的最佳方式是采用“两步法”:
- 先上传:将本地文件上传到
im/v1/files或im/v1/images,获取持久化的file_key或image_key。 - 后发送:调用
im/v1/messages接口,指定msg_type为file或image并携带对应的 Key。
直接传递本地路径字符串到消息接口通常会导致客户端只显示路径文本。本脚本通过自动化这两步流程,确保用户在飞书里实际看到图片本体或可预览的文件。
普通文件 vs 图片的链路区别
- 普通文件:
im/v1/files->file_key->msg_type=file - 图片:
im/v1/images->image_key->msg_type=image
脚本会自动处理这些差异。
排查
- 发送失败先看
code/msg - 群发失败检查:机器人已入群 + send_message 权限 + 使用正确的
oc_chat_id oc_...误当open_id发必定报错- 不要把本地路径回显误判为发送成功
- 飞书 file_type 用
stream适用于所有普通文件类型
Usage Guidance
This skill implements Feishu two-step upload->send and the scripts look legitimate for that purpose, but there are some red flags you should consider before enabling it:
- The SKILL.md tells the agent to read /root/.openclaw/openclaw.json to extract app_id/app_secret, but the skill metadata does not declare any required credentials. That means the skill will access agent configuration to obtain secrets without having made that need explicit.
- The scripts use curl (via subprocess) and require python3; the registry entry doesn't list these dependencies. Ensure your runtime provides these binaries if you plan to use it.
- The skill can send arbitrary local files/images to Feishu using the app credentials it obtains. If the agent is allowed to run autonomously, this capability could be used to exfiltrate sensitive files. Consider whether you trust the agent and the Feishu destination IDs it will use.
Recommendations:
- Only enable this skill if you trust the skill source and the Feishu app owner. Prefer to supply explicit, scoped credentials rather than letting the skill read agent-wide config.
- Restrict which files the agent may send (e.g., sandbox generated outputs only) and audit sent message logs.
- If you need stronger control, disable autonomous invocation for the agent or require explicit user confirmation before sending files.
- Ask the publisher to update metadata to declare required credentials and binaries, and to remove or clarify the mandated automatic-send rule if undesired.
Capability Analysis
Type: OpenClaw Skill
Name: feishu-chatfile-skill
Version: 1.0.0
The skill bundle provides a legitimate utility for sending local files and images to Feishu or Lark chat sessions. It includes Python scripts (`send_file.py`, `send_image.py`) that utilize official Feishu/Lark APIs and provides instructions in `SKILL.md` for the AI agent to retrieve the necessary credentials from the local OpenClaw configuration. While the scripts use `subprocess` to call `curl` for multipart file uploads, the implementation is consistent with the stated purpose and lacks indicators of malicious intent, obfuscation, or unauthorized data exfiltration.
Capability Assessment
Purpose & Capability
Name/description claim: send local images/files to Feishu chats. The included scripts implement exactly that (upload -> send). However the SKILL.md instructs the agent to read /root/.openclaw/openclaw.json to obtain app_id/app_secret and to proactively send produced images; the skill metadata declares no required credentials or binaries. Missing declarations (credentials, use of curl/python) are disproportionate to the registry metadata and reduce transparency.
Instruction Scope
SKILL.md directs reading the OpenClaw config file (/root/.openclaw/openclaw.json via grep) and extracting app_id/app_secret; it also mandates proactively sending images in the Feishu channel without explicit user prompting. These instructions extend beyond a passive helper: they access agent configuration and instruct autonomous outbound transmission of local files/images.
Install Mechanism
No install spec (instruction-only + two scripts). That is low-risk from install mechanics — nothing is downloaded at install time. Note: scripts call curl via subprocess, but no install is performed by the skill itself.
Credentials
The scripts require an app_id and app_secret to fetch a tenant token and to send files — reasonable for Feishu integration — but the skill metadata lists no required env vars and no primary credential. SKILL.md also tells the agent to read a sensitive config path to obtain those credentials. This is an undeclared, non-transparent request for privileged credentials and access to agent config.
Persistence & Privilege
always:false (good), and autonomous invocation is allowed (platform default). Combined with the mandatory rule to proactively send images and the ability to read agent config and send arbitrary local files, this increases risk: an autonomously-invoked agent could exfiltrate files using credentials from the agent config. The skill does not modify other skills or request persistent installation, but its operational instructions grant it meaningful outbound capability.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install feishu-chatfile-skill - After installation, invoke the skill by name or use
/feishu-chatfile-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of feishu-send-file skill — send images and files to Feishu chats with the recommended two-step API process.
- Enables sending local images (JPEG, PNG, WEBP, etc.) and files (PDF, HTML, ZIP, etc.) to both private chats (ou_) and group chats (oc_) in Feishu.
- Uses the official two-step method (upload to get key → send message) to ensure correct display in the client.
- Automatically determines receive_id_type based on the receive_id prefix; no need to specify type manually.
- Credentials (app_id, app_secret) are sourced from OpenClaw configuration.
- Provides both script-based (recommended) and manual command-line instructions for sending images/files.
- Includes troubleshooting tips and best practices for reliable file/image delivery.
Metadata
Frequently Asked Questions
What is feishu-chatfile-skill?
飞书发送本地图片和文件技能。支持向飞书私聊(ou_)和群聊(oc_)发送图片(JPEG/PNG/WEBP 等)及文件(PDF/HTML/ZIP 等)。采用官方推荐的两步法(上传获取 key -> 发送消息),确保内容在飞书客户端正常显示并获得最佳体验。 It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.
How do I install feishu-chatfile-skill?
Run "/install feishu-chatfile-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is feishu-chatfile-skill free?
Yes, feishu-chatfile-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does feishu-chatfile-skill support?
feishu-chatfile-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created feishu-chatfile-skill?
It is built and maintained by calm (@shouldnotappearcalm); the current version is v1.0.0.
More Skills