← Back to Skills Marketplace

飞书图片消息

Name: 飞书图片消息
Author: imbing

by BING · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

478

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install feishu-img-msg

Description

飞书图片消息操作技能，当触发飞书发送图片时自动调用本技能。支持上传图片、发送图片消息、获取图片内容。 Activate when user mentions: 飞书发图、发送图片、上传图片、获取图片、下载图片、image_key。

README (SKILL.md)

飞书图片消息操作技能

本技能提供飞书图片消息的完整操作能力，包括上传、发送、获取图片。

功能

功能	命令	说明
上传图片	`feishu-img-msg upload`	上传本地图片到飞书，返回 image_key
发送图片	`feishu-img-msg send`	发送图片到指定会话（支持文件路径或 image_key）
获取图片	`feishu-img-msg get`	下载飞书图片到本地
查看图片	`feishu-img-msg view`	获取图片信息（返回 base64 供 AI 查看）

快速使用

1. 发送本地图片到会话

# 直接发送本地图片文件
python3 ~/.openclaw/workspace/skills/feishu-img-msg/scripts/feishu_image.py \
  send \
  --chat-id "oc_xxxxx" \
  --file "/path/to/image.jpg"

2. 上传图片获取 image_key

# 上传图片，返回 image_key
python3 ~/.openclaw/workspace/skills/feishu-img-msg/scripts/feishu_image.py \
  upload \
  --file "/path/to/image.png"

3. 用 image_key 发送图片

# 使用已有的 image_key 发送
python3 ~/.openclaw/workspace/skills/feishu-img-msg/scripts/feishu_image.py \
  send \
  --chat-id "ou_xxxxx" \
  --image-key "img_xxxxx"

4. 下载图片

# 下载飞书图片到本地
python3 ~/.openclaw/workspace/skills/feishu-img-msg/scripts/feishu_image.py \
  get \
  --image-key "img_xxxxx" \
  --output "/path/to/save.jpg"

5. 查看图片内容（AI 可读）

# 获取图片 base64，用于 AI 分析
python3 ~/.openclaw/workspace/skills/feishu-img-msg/scripts/feishu_image.py \
  view \
  --image-key "img_xxxxx"

参数说明

send 命令

参数	必填	说明
`--chat-id`	✅	接收者 ID（群聊 oc_ 开头，用户 ou_ 开头）
`--file`	二选一	本地图片文件路径
`--image-key`	二选一	已上传的 image_key
`--chat-type`	否	会话类型：`group`(默认) 或 `user`
`--account`	否	飞书账户名（默认 main）

upload 命令

参数	必填	说明
`--file`	✅	本地图片文件路径
`--account`	否	飞书账户名（默认 main）

get 命令

参数	必填	说明
`--image-key`	✅	图片的 image_key
`--output`	✅	保存路径
`--account`	否	飞书账户名（默认 main）

view 命令

参数	必填	说明
`--image-key`	✅	图片的 image_key
`--account`	否	飞书账户名（默认 main）

支持的图片格式

JPEG (.jpg, .jpeg)
PNG (.png)
GIF (.gif)
BMP (.bmp)
WebP (.webp)

文件大小限制：单张图片最大 30MB

权限要求

Scope	用途
`im:resource`	上传图片、获取图片
`im:message`	发送消息
`im:message:send_as_bot`	以机器人身份发送

常见问题

图片发送失败

检查 chat-id 类型
- 群聊 ID 以 oc_ 开头，chat_type 设为 group
- 用户 ID 以 ou_ 开头，chat_type 设为 user
检查图片格式
- 支持常见图片格式
- 确保文件未损坏
检查权限
- 机器人需要已加入目标群聊
- 机器人需要与用户有单聊会话

token 过期

脚本会自动刷新 tenant_access_token，如仍报错：

错误码 99991400 - token 过期，稍后重试
错误码 99991401 - token 无效，检查 app 配置

参考文档

飞书上传图片 API: https://open.feishu.cn/document/server-docs/im-v1/image/create
飞书获取图片 API: https://open.feishu.cn/document/server-docs/im-v1/image/get
飞书发送消息 API: https://open.feishu.cn/document/server-docs/im-v1/message/create

Usage Guidance

Before installing or enabling: 1) Know that the script reads your OpenClaw config at ~/.openclaw/openclaw.json to obtain Feishu app_id/app_secret — ensure you are comfortable granting the skill access to those credentials and that the file only contains expected values. 2) The script disables SSL verification (SSL_CONTEXT.verify_mode = ssl.CERT_NONE), which can expose network traffic to man-in-the-middle attacks; consider removing or fixing this behavior before use. 3) Ask the publisher to update the metadata/SKILL.md to explicitly declare the config path and credential requirements (or switch to using well-scoped environment variables) so you can make an informed trust decision. 4) If you cannot review or trust the code origin, run the script in a restricted environment (sandbox or container) and avoid using production credentials; create a Feishu test app with minimal scopes to limit blast radius.

Capability Analysis

Type: OpenClaw Skill Name: feishu-img-msg Version: 1.0.0 The skill is classified as suspicious due to a critical security vulnerability: the `scripts/feishu_image.py` script explicitly disables SSL certificate verification (`SSL_CONTEXT.check_hostname = False`, `SSL_CONTEXT.verify_mode = ssl.CERT_NONE`) for all network requests. This makes the skill vulnerable to Man-in-the-Middle (MITM) attacks, potentially allowing an attacker to intercept or tamper with Feishu API communications and compromise credentials or data. Additionally, the script directly uses user-provided file paths for `--file` and `--output` arguments without robust sanitization, which could lead to arbitrary file read/write if the AI agent's input handling is not secure. There is no evidence of intentional malicious behavior, but these vulnerabilities pose significant risks.

Capability Assessment

ℹ Purpose & Capability

The code implements upload/send/get/view for Feishu images which matches the skill name and description. However, the skill metadata declared no required credentials or config paths, while the script actually requires Feishu app_id/app_secret stored in the OpenClaw config (~/.openclaw/openclaw.json). That credential dependency is reasonable for Feishu integration but is not declared.

⚠ Instruction Scope

SKILL.md shows command-line usage only and does not state that the script will read the user's OpenClaw configuration file for credentials. The script's load_feishu_config() reads ~/.openclaw/openclaw.json and expects appId/appSecret — this file access is not documented in the metadata (config paths = none).

✓ Install Mechanism

No install spec (instruction-only) and no downloads are present. The skill is provided as a script file; nothing in the package attempts to install external code or fetch third-party archives.

⚠ Credentials

The package declares no required environment variables or primary credential, yet the script requires Feishu credentials (app_id/app_secret) read from a local OpenClaw config file. This is a mismatch: the skill will access sensitive credentials that the registry metadata does not surface. The number of secrets requested is appropriate for the stated purpose, but their presence and location should be declared.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and runs only when invoked. It reads and writes files provided by the user (uploads local images, saves downloaded images) which is expected behavior.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install feishu-img-msg
After installation, invoke the skill by name or use /feishu-img-msg
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

feishu-img-msg 1.0.0 - Initial release with full Feishu image message operations. - Supports uploading, sending, fetching, downloading, and viewing images via CLI commands. - Handles both local image files and Feishu image_key usage. - Clear instructions and parameter guidance for all commands. - Includes FAQ for troubleshooting and documents required permissions.

Metadata

Slug feishu-img-msg

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is 飞书图片消息?

飞书图片消息操作技能，当触发飞书发送图片时自动调用本技能。支持上传图片、发送图片消息、获取图片内容。 Activate when user mentions: 飞书发图、发送图片、上传图片、获取图片、下载图片、image_key。 It is an AI Agent Skill for Claude Code / OpenClaw, with 478 downloads so far.

How do I install 飞书图片消息?

Run "/install feishu-img-msg" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 飞书图片消息 free?

Yes, 飞书图片消息 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 飞书图片消息 support?

飞书图片消息 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 飞书图片消息?

It is built and maintained by BING (@imbing); the current version is v1.0.0.

More Skills