← Back to Skills Marketplace
Swarm Control Feishu
by
yubinsheng
· GitHub ↗
· v2.0.0
· MIT-0
152
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install swarm-control-feishu
Description
一键配置飞书智能体集群,支持多 agent 并行、语音服务、全权限控制
Usage Guidance
Do not run deploy.sh or start-voice-service.sh blindly. Key risks:
- This skill intentionally disables sandboxing and grants agents full exec and filesystem access, and enables 'elevated' actions from Feishu/webchat — meaning remote users could cause arbitrary commands to run on the host.
- deploy.sh attempts to add a passwordless sudoers entry for user 'lehua' (lehua ALL=(ALL) NOPASSWD: ALL). That elevates privilege permanently and is unsafe.
- start-voice-service.sh will write a Python service to /tmp, install packages via pip globally (no virtualenv), enable CORS=* and run an HTTP endpoint — all increasing exposure.
- The documentation suggests pushing configs to GitHub; openclaw-config.json contains API keys and secrets and would leak them if published.
What to do before installing:
1. Review every file line-by-line (especially scripts/deploy.sh and files/openclaw-config.json). Fix obvious bugs (the deploy script has a malformed line) and remove or modify unsafe defaults.
2. Never enable sandbox: off, fs.workspaceOnly=false, exec.ask=off, or tools.profile=full unless you fully accept the host compromise risk. Prefer least-privilege settings.
3. Do NOT apply the sudoers change. If you need privileged actions, use carefully-scoped sudoers entries for your specific username or use an alternative elevation mechanism, and avoid NOPASSWD for broad commands.
4. Run the voice service in an isolated environment (container or virtualenv) and avoid global pip installs. Restrict CORS and bind to localhost if not needed externally.
5. Replace hard-coded username 'lehua' with your actual username or make the script prompt for the correct user; verify file paths are correct for your environment.
6. Keep secrets out of repo/config files; use secure secret storage or environment variables with appropriate metadata declared. Do not publish the filled config to GitHub.
7. If you want to test, do so inside a disposable VM or container to limit blast radius. If you are not comfortable auditing and mitigating these issues, avoid installing this skill in production systems.
Capability Analysis
Type: OpenClaw Skill
Name: swarm-control-feishu
Version: 2.0.0
The skill bundle configures an extremely permissive environment by disabling all sandboxing, allowing unrestricted command execution without user confirmation (exec.security: full, ask: off), and granting full filesystem access (fs.workspaceOnly: false) in files/openclaw-config.json. Most critically, scripts/deploy.sh attempts to grant passwordless sudo privileges to a specific user by modifying /etc/sudoers.d/lehua. Furthermore, files/AGENTS.md explicitly instructs the AI agents that they have 'FULL ACCESS' and should execute system commands autonomously via curl and exec tools. While these actions are framed as features for managing a Feishu agent swarm, the combination of privilege escalation and lack of oversight represents a significant security risk.
Capability Assessment
Purpose & Capability
The skill's stated purpose (full-permission Feishu agent swarm) matches what the scripts and config do: they disable sandboxing, set tools.profile to 'full', set exec.security to 'full' and ask='off', set fs.workspaceOnly=false, enable agent-to-agent and session visibility=all, and configure elevated privileges for feishu/webchat. Those capabilities are highly privileged and beyond what a safe default deployment would need; while coherent with the advertised '全权限' claim, they are disproportionately powerful and risky for most users.
Instruction Scope
SKILL.md directs the user to copy openclaw-config.json and run scripts (deploy.sh, start-voice-service.sh). The scripts perform system-level changes: overwrite ~/.openclaw/openclaw.json, create workspaces, copy AGENTS.md into multiple locations, attempt to write a sudoers file to /etc/sudoers.d (passwordless sudo for user 'lehua'), install Python packages via pip, write and run a Python web service with CORS=* and open endpoints. The instructions do not require nor warn about these broad system and privilege changes.
Install Mechanism
There is no formal install spec (instruction-only), but included scripts write files to disk, create a Python service under /tmp, and run pip install (fastapi, uvicorn, python-multipart) without a virtualenv. That is moderately risky (global package installation, persistent files and services) but not unusual for local deployment scripts. The scripts do not download code from external, untrusted URLs.
Credentials
The skill metadata lists no required env vars, yet the included openclaw-config.json expects multiple sensitive secrets (LLM API keys, Feishu App IDs/Secrets, gateway auth token) which the deploy script will copy into ~/.openclaw/openclaw.json. More importantly, the configuration exposes insecure defaults (controlUi.allowInsecureAuth=true, gateway.bind=lan, allowedOrigins placeholders) and grants 'allowFrom': ['*'] for elevated actions — requesting no credentials in metadata but instructing the user to place secrets in files is an inconsistency and increases risk of accidental leakage (e.g., pushing configs to GitHub as the publish docs suggest).
Persistence & Privilege
The skill does not set always:true, but its install/runtime steps attempt permanent, high-privilege changes: copying configuration into the agent's config path, creating workspaces, copying agent policies to workspace folders, installing and starting a persistent voice service, and attempting to add a passwordless sudoers entry for a hard-coded username ('lehua'). These changes grant long-lived host-level privileges and remote command capability to agents and Feishu/webchat users if applied.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install swarm-control-feishu - After installation, invoke the skill by name or use
/swarm-control-feishu - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Swarm-control-feishu v2.0.0 is a major upgrade for Feishu multi-agent management:
- Complete project restructure: simplified, focused directory; obsolete files and legacy code removed.
- All configuration now via `files/openclaw-config.json` and unified scripts for setup, workspace, voice, and deployment.
- Multi-agent, multi-project support: automatic setup for main agent plus project agents (main, xg, xc, xd); all support child agents and concurrent tasking.
- Full admin privileges by default, including sandbox OFF, maximum tool rights, and sudo-free elevation across Feishu & webchat.
- Built-in voice service integration: one-command start, all agents auto-detect and use speech-to-text.
- Refined documentation: clearer step-by-step quickstart, config templates, and complete permission/feature explanations.
v1.1.3
更新版本支持范围:明确支持 OpenClaw 2026.3.31 - 2026.4.2,添加 maxOpenClawVersion 字段
v1.1.2
新增飞书消息回复方式配置文档:replyInThread、groupPolicy、dmPolicy、requireMention 等详细说明和配置示例
v1.1.1
更新多环境支持文档:添加 Linux、macOS、WSL2、Windows 原生、Android Termux 的详细安装指南和故障排除
v1.1.0
一键部署多智能体集群,飞书全权限免授权,手机远程指挥 AI 团队,打造一人集团级开发能力。
Metadata
Frequently Asked Questions
What is Swarm Control Feishu?
一键配置飞书智能体集群,支持多 agent 并行、语音服务、全权限控制. It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.
How do I install Swarm Control Feishu?
Run "/install swarm-control-feishu" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Swarm Control Feishu free?
Yes, Swarm Control Feishu is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Swarm Control Feishu support?
Swarm Control Feishu is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Swarm Control Feishu?
It is built and maintained by yubinsheng (@yubinsheng); the current version is v2.0.0.
More Skills