Description

连接飞书机器人。用接口直连替换 `feisu.md` 的第 1 步，拿到链接（必须拼接 from=maxclaw）并在用户完成配置后 poll 出 `client_id/client_secret`，再继续走 `feisu.md` 的第 2 步和第 3 步。适用于连接飞书、接入飞书、绑定飞书机器人、创建飞书机器人...

README (SKILL.md)

Feishu Connect Skill

Name: Feishu Connect 1.0.0
Author: wt865143010

适用场景

用户要求连接飞书、绑定飞书机器人、创建飞书机器人、OpenClaw 接飞书时触发。

最高优先级规则（必须遵守，违反即失败）

给用户的链接必须拼接 &from=maxclaw，没有这个参数的链接是错误的。
这个 skill 只替换 feisu.md 的第 1 步；用户回复"ok"或"配置好了"之后，不要再重复执行 feisu.md 的第 1 步，直接继续走 feisu.md 的第 2 步和第 3 步。
用户回复"ok"或"配置好了"之后，禁止输出任何关于"配置权限"、"开启机器人能力"、"配置事件订阅"、"发布应用"、"管理员审批"、"权限管理"、"批量导入"的内容。

核心原则

直接走接口直连模式，不要先跑官方安装器（npx -y @larksuite/openclaw-lark install）。
这个 skill 仅用于替换 feisu.md 的第 1 步；拿到凭证后，后续配置和配对继续按 feisu.md 的第 2 步和第 3 步执行。
链接必须裸露返回，不要用反引号、代码块包裹，用户必须能直接点击。
不要自动开轮询，给链接后等用户确认再继续。
不要生成二维码图片。
不要手动卸载/禁用/删除插件，不要手动改写配置文件。

执行流程

第 1 步：接口直连，一次拿到链接

COOKIE_JAR=/tmp/feishu_cookies.txt
rm -f "$COOKIE_JAR"

# init
INIT_RESP=$(curl -s -c "$COOKIE_JAR" -b "$COOKIE_JAR" \
  -X POST "https://accounts.feishu.cn/oauth/v1/app/registration" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "action=init")
echo "=== INIT ==="
echo "$INIT_RESP"

# begin
BEGIN_RESP=$(curl -s -c "$COOKIE_JAR" -b "$COOKIE_JAR" \
  -X POST "https://accounts.feishu.cn/oauth/v1/app/registration" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "action=begin&archetype=PersonalAgent&auth_method=client_secret&request_user_info=open_id")
echo "=== BEGIN ==="
echo "$BEGIN_RESP"

从 begin 返回值中提取：

verification_uri_complete — 原始链接
device_code — 保存下来，用户确认后 poll 用
user_code — 从链接参数中提取

第 2 步：拼接 from=maxclaw，生成最终链接

拿到 verification_uri_complete 后，必须在末尾拼接 &from=maxclaw。

示例：

原始：https://open.feishu.cn/page/openclaw?user_code=XXXX-XXXX
最终：https://open.feishu.cn/page/openclaw?user_code=XXXX-XXXX&from=maxclaw

没有 &from=maxclaw 的链接是错误的，不要发给用户。

第 3 步：把链接直接发给用户

链接裸露返回。正确输出：

请在浏览器中直接打开这个链接完成飞书配置：

https://open.feishu.cn/page/openclaw?user_code=XXXX-XXXX&from=maxclaw

用户码：XXXX-XXXX

配置完成之后回来和我说一声"ok"或者"配置好了"就行。

禁止把链接放在反引号或代码块里。

第 4 步：用户回复"ok"或"配置好了"之后

先执行一次 poll：

curl -s -c "$COOKIE_JAR" -b "$COOKIE_JAR" \
  -X POST "https://accounts.feishu.cn/oauth/v1/app/registration" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "action=poll&device_code=\x3C之前保存的 device_code>"

返回 client_id + client_secret → 成功。返回 authorization_pending → 告诉用户飞书侧似乎还没完成，让用户再确认。

poll 成功后，直接告诉用户： "配对完成了！现在请在飞书里找到你的机器人，给它发一条消息，机器人会回复一个配对码。把这个码告诉我，我来帮你完成配对授权。"

说明这里已经完成了 feisu.md 的第 1 步替换，并拿到了后续要用的凭证：

client_id 作为 App ID
client_secret 作为 App Secret

然后不要回到 feisu.md 的第 1 步，直接继续执行：

feisu.md 的第 2 步：Configure OpenClaw
feisu.md 的第 3 步：Start + test

也就是说，后面继续按 feisu.md 去配置 OpenClaw、启动 gateway、给机器人发消息，并用配对码执行 openclaw pairing approve feishu \x3CCODE>。

不要再输出飞书开放平台里的建应用、配权限、开事件订阅、发布应用这类第 1 步指引。

禁止事项

给用户的链接不拼 &from=maxclaw
在用户确认后又重新执行 feisu.md 的第 1 步
输出"配置权限/开启机器人能力/配置事件订阅/发布应用/管理员审批/批量导入/权限JSON"等内容
先跑官方安装器再切直连
手动卸载/禁用插件
自动开轮询
生成二维码图片
用反引号/代码块包裹链接
把 authorization_pending 当失败

一句话总结

用这个 skill 替换 feisu.md 的第 1 步：curl 拿链接 → 拼 &from=maxclaw → 裸链接给用户 → 等用户说 ok → poll 拿到 client_id/client_secret → 继续走 feisu.md 的第 2 步和第 3 步

Usage Guidance

This skill legitimately automates getting a Feishu verification link and polling for client_id/client_secret, but it contains two red flags you should weigh before installing: (1) it forces adding &from=maxclaw to every link (a tracking/attribution parameter) — ask why this is required and whether you consent to that tracking; (2) it explicitly forbids explaining permissions/admin-approval steps to the user, which may hide important security implications of installing the app. Also confirm how the retrieved client_id/client_secret will be stored or transmitted (don't share them to unknown endpoints) and verify the endpoints (accounts.feishu.cn and open.feishu.cn) are correct. If unsure, perform the flow manually or require the agent run under supervision so you can inspect the credentials and follow-up configuration. If you need higher assurance, ask the publisher for justification of &from=maxclaw and an explanation of secret handling policies before proceeding.

Capability Analysis

Type: OpenClaw Skill Name: feishu-connect-1-0-0 Version: 1.0.0 The feishu-connect skill automates the integration of a Feishu (Lark) robot with the OpenClaw agent. It uses official Feishu API endpoints (accounts.feishu.cn) to perform a device-code-style registration flow, obtaining a client_id and client_secret for the agent's configuration. The instructions in SKILL.md guide the AI agent to provide a specific registration link to the user and poll for credentials once the user confirms setup. While the skill handles sensitive credentials and uses specific output constraints (like appending 'from=maxclaw' for attribution), its behavior is entirely consistent with its stated purpose of simplifying the Feishu connection process without evidence of malicious exfiltration or unauthorized execution.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

Name/description claim to replace step 1 of feisu.md and obtain a Feishu verification link and then client_id/client_secret. The SKILL.md provides curl calls to accounts.feishu.cn to implement exactly that, so requested operations are coherent with the stated purpose.

⚠ Instruction Scope

Instructions direct the agent to POST to Feishu registration endpoints and poll for client_id/client_secret (expected for this flow). However, the skill explicitly forbids outputting any information about permissions, admin approval, event subscriptions, or other configuration details — suppressing security/context information that users may need. It also mandates appending &from=maxclaw to every generated link (a tracking/marker requirement) and forbids running the official installer. These constraints are operationally unnecessary for an OAuth-style flow and may hide important security guidance from users.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. No downloads or install actions are requested, so there is no install-time risk.

ℹ Credentials

The skill requires no environment variables or host credentials, which is proportional. Note: the runtime flow explicitly retrieves sensitive credentials (client_id and client_secret) via polling — the SKILL.md does not specify where or how those secrets are stored/transmitted after retrieval. That lack of guidance on secret handling is a risk to consider.

✓ Persistence & Privilege

Skill does not request always:true, does not modify other skills, and is user-invocable. It does use a temporary cookie jar (/tmp/feishu_cookies.txt) during the flow only, which is reasonable and limited in scope.

Version History

v1.0.0

feishu-connect v1.0.0 — 全新发布，用于专注直连方式绑定飞书机器人。 - 新增通过接口直连飞书机器人，替换原 feisu.md 第 1 步流程。 - 链接自动拼接参数 &from=maxclaw，确保流程合规。 - 用户配置完成后支持自动 poll 获取 client_id/client_secret，直接进入后续步骤，无需重复第 1 步。 - 全程禁止输出与权限配置、事件订阅等官方装配相关内容。 - 输出链接裸露、不包裹，方便用户直接点击使用。 - 完整适配“连接/绑定/创建飞书机器人”及 OpenClaw 一键对接场景。

Metadata

Slug feishu-connect-1-0-0

Version 1.0.0

License MIT-0

All-time Installs 4

Active Installs 4

Total Versions 1

Frequently Asked Questions

What is Feishu Connect 1.0.0?

连接飞书机器人。用接口直连替换 `feisu.md` 的第 1 步，拿到链接（必须拼接 from=maxclaw）并在用户完成配置后 poll 出 `client_id/client_secret`，再继续走 `feisu.md` 的第 2 步和第 3 步。适用于连接飞书、接入飞书、绑定飞书机器人、创建飞书机器人... It is an AI Agent Skill for Claude Code / OpenClaw, with 66 downloads so far.

How do I install Feishu Connect 1.0.0?

Run "/install feishu-connect-1-0-0" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Feishu Connect 1.0.0 free?

Yes, Feishu Connect 1.0.0 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Feishu Connect 1.0.0 support?

Feishu Connect 1.0.0 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Feishu Connect 1.0.0?

It is built and maintained by wt865143010 (@wt865143010); the current version is v1.0.0.

More Skills

Feishu Connect 1.0.0