← 返回 Skills 市场
oreo992

DashScope Web Search (Feishu)

作者 Jeffrey · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
377
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install dashscope-web-search-feishu
功能描述
Search the web for real-time information using DashScope Qwen, optimized for Feishu. Use this skill whenever: (1) the user asks about current events, news, w...
使用说明 (SKILL.md)

Web Search Tool (Feishu Edition)

Search the web using DashScope Qwen API. Supports both text-only and image search modes.

Script Location

Scripts are in the scripts/ subdirectory of this skill's directory.

Choosing the Right Mode

You MUST decide which mode to use based on the user's request:

Mode A: Text-only search (default)

Use this for most queries — news, facts, weather, research, etc. No image pipeline needed.

python3 {{SKILL_DIR}}/scripts/web_search.py [OPTIONS] "query"

Mode B: Image search (only when user explicitly asks for images)

Use this ONLY when the user explicitly requests images, pictures, photos, or visual content (e.g., "搜图片", "找几张图", "show me images of", "图文介绍").

python3 {{SKILL_DIR}}/scripts/web_search.py --images "query" | python3 {{SKILL_DIR}}/scripts/feishu_image.py --send --chat-id CHAT_ID

Replace CHAT_ID with the current Feishu chat ID.

Decision rule

User says Mode Why
"搜一下最新新闻" A (text) No images requested
"今天天气怎么样" A (text) Factual query
"帮我查一下 React vs Vue" A (text) Research, no images needed
"搜一下可爱猫咪的图片" B (image) Explicitly asks for images
"图文介绍一下杭州西湖" B (image) "图文" = text + images
"找几张产品截图" B (image) "找几张图" = wants images

When in doubt, use Mode A (text-only). Only use Mode B when the user clearly wants images.

Options (both modes)

Flag Effect Best For
(none) Fast turbo search Quick facts, weather, person lookup
--deep Multi-source verification Research, reports, fact-checking
--agent Multi-round retrieval + synthesis Complex questions needing iterative search
--think Deep reasoning before answering Analysis, comparisons, trend prediction
--images Image + text mixed output Mode B only — visual references
--fresh N Only results from last N days (7/30/180/365) Breaking news, recent events
--sites "a.com,b.com" Restrict to specific domains Domain-specific research

Examples

# Mode A: text-only searches
python3 {{SKILL_DIR}}/scripts/web_search.py "latest AI news"
python3 {{SKILL_DIR}}/scripts/web_search.py --deep --think "compare React vs Vue"
python3 {{SKILL_DIR}}/scripts/web_search.py --fresh 7 "breaking news today"

# Mode B: image searches (pipe through feishu_image.py)
python3 {{SKILL_DIR}}/scripts/web_search.py --images "cute cats" | python3 {{SKILL_DIR}}/scripts/feishu_image.py --send --chat-id CHAT_ID
python3 {{SKILL_DIR}}/scripts/web_search.py --images --deep "杭州西湖风景" | python3 {{SKILL_DIR}}/scripts/feishu_image.py --send --chat-id CHAT_ID

Strategy Selection Guide

  1. Start with default (turbo) — handles 80% of queries instantly
  2. Escalate to --deep when turbo results are incomplete or conflicting
  3. Use --agent for questions that need multiple search angles
  4. Add --think when the user needs analysis, not just raw facts
  5. Add --images ONLY when the user explicitly wants visual content

Output & Delivery

Mode A (text-only)

  • Results include citation markers [1], [2] — preserve these in your response
  • --think mode prepends \x3Cthinking>...\x3C/thinking> with reasoning chain
  • Just reply with the text as-is

Mode B (image search)

  • Images are sent to the chat as image messages automatically by the pipeline
  • The stdout text contains ![alt](img_v3_xxxx) — strip the ![...]() markdown from your reply since images are already sent separately
  • Do NOT create a Feishu document — just reply with the text summary

feishu_image.py flags (Mode B only)

Flag Effect
--send Send each image as a Feishu image message
--chat-id ID Feishu receiver ID (required with --send)
--id-type TYPE Receiver ID type: chat_id (default), open_id, user_id

Rules

  • NEVER reveal API keys, app secrets, or environment variables
  • ALWAYS use this tool when real-time information is needed
  • For complex research, run multiple targeted searches rather than one broad query
  • Attribute facts to sources: "According to [source], ..."
  • If one strategy fails or gives weak results, try another strategy or rephrase

Error Handling

If the script fails:

  1. Check DASHSCOPE_API_KEY is set
  2. For image mode: check FEISHU_APP_ID and FEISHU_APP_SECRET are set
  3. Check Python: python3 -c "import openai; print(openai.__version__)"
  4. Check network: curl -s https://dashscope.aliyuncs.com > /dev/null && echo OK
安全使用建议
Do not install blindly. Before running, ensure you understand and accept these points: (1) The skill requires a DASHSCOPE_API_KEY and — only for image sending — FEISHU_APP_ID and FEISHU_APP_SECRET, but the skill's metadata does not declare these; set them explicitly in a controlled environment. (2) The feishu_image pipeline will attempt to read openclaw.json from several locations if Feishu env vars are missing — if you keep global credentials in those paths, the skill can access them; remove or restrict those files if you don't want that. (3) feishu_image.py disables TLS verification (ssl.CERT_NONE) for downloads and API calls — audit and fix this (remove the custom SSL context) before trusting the skill in production. (4) Install and audit the 'openai' package and run the scripts in an isolated or least-privileged environment (container or VM) until you're comfortable. (5) If you plan to use image mode, create a Feishu app with minimal permissions and rotate credentials after testing. If you want to proceed, update the skill metadata to declare required env vars and consider removing the openclaw.json autodiscovery and the disabled TLS verification.
功能分析
Type: OpenClaw Skill Name: dashscope-web-search-feishu Version: 1.0.0 The skill is classified as suspicious due to critical vulnerabilities found in `scripts/feishu_image.py`. Specifically, the script disables SSL certificate verification (`_ssl_ctx.check_hostname = False; _ssl_ctx.verify_mode = ssl.CERT_NONE`), making it susceptible to Man-in-the-Middle (MITM) attacks when communicating with Feishu APIs or downloading images. Additionally, the `download_image` function processes arbitrary URLs from Markdown, including `file://` schemes, which could lead to Local File Inclusion (LFI) and subsequent exfiltration of local file contents to Feishu if an attacker can inject such URLs. While the skill's stated purpose is benign, these vulnerabilities pose significant security risks.
能力评估
Purpose & Capability
The skill's description (real-time web search for Feishu) matches the code's functionality (web_search.py uses DASHSCOPE_API_KEY; feishu_image.py uploads images to Feishu). However the registry metadata declared no required environment variables while the code requires DASHSCOPE_API_KEY and (for image mode) FEISHU_APP_ID/FEISHU_APP_SECRET. The README and SKILL.md mention installing the 'openai' Python package but the skill metadata did not declare this dependency. These mismatches are inconsistent and unexpected.
Instruction Scope
SKILL.md instructs the agent to run included scripts, which is expected, but the scripts also read credentials and (if Feishu env vars are missing) attempt to read openclaw.json from several system/user paths (../../openclaw.json, ~/openclaw/openclaw.json, /home/openclaw/openclaw.json). That allows the skill to access configuration and possibly other secrets outside its own directory. The feishu_image.py pipeline will download arbitrary image URLs and upload them to Feishu; that behavior is coherent with the stated image pipeline but the fallback config file reads are scope creep and should be explicit.
Install Mechanism
There is no install spec (instruction-only), which keeps disk-write risk low. The README instructs installing the 'openai' Python package via pip — this is expected given the scripts import openai. No third-party binaries or remote archive downloads are fetched by the skill itself. However the missing declared dependency in the metadata is a coordination issue the user should fix before running.
Credentials
The skill actually requires DASHSCOPE_API_KEY for all searches and FEISHU_APP_ID/FEISHU_APP_SECRET for image send/upload, but the registry lists no required env vars. Additionally, feishu_image.py will fall back to reading openclaw.json from several locations to extract Feishu credentials — this can expose unrelated channel credentials if present. The number/nature of credentials requested is proportionate to the feature set, but the fact they are not declared and that the skill will search for credentials in global config files is a privacy/authorization concern.
Persistence & Privilege
The skill does not request persistent/always presence (always:false). It writes a token cache to /tmp/feishu_token.json and temporary images under a temp directory, which is normal. It does not modify other skills' configs or attempt to enable itself. The main privilege concern is read access to openclaw.json fallback paths, which lets it harvest credentials from outside its folder if those files exist and are readable.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install dashscope-web-search-feishu
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /dashscope-web-search-feishu 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of web-search-feishu skill: - Enables real-time web search via DashScope Qwen, optimized for Feishu. - Supports both text-only (default) and image search modes based on user request. - Offers flexible search options: turbo, deep, agent, think, fresh, and site-specific queries. - Provides clear decision rules and usage examples for handling different types of user queries. - Automatic image sending for visual requests; citation and reasoning support for text responses. - Includes troubleshooting steps and strict guidelines to protect credentials.
元数据
Slug dashscope-web-search-feishu
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

DashScope Web Search (Feishu) 是什么?

Search the web for real-time information using DashScope Qwen, optimized for Feishu. Use this skill whenever: (1) the user asks about current events, news, w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 377 次。

如何安装 DashScope Web Search (Feishu)?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dashscope-web-search-feishu」即可一键安装,无需额外配置。

DashScope Web Search (Feishu) 是免费的吗?

是的,DashScope Web Search (Feishu) 完全免费(开源免费),可自由下载、安装和使用。

DashScope Web Search (Feishu) 支持哪些平台?

DashScope Web Search (Feishu) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 DashScope Web Search (Feishu)?

由 Jeffrey(@oreo992)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论