← 返回 Skills 市场
feishu-audio
作者
tianyn1990
· GitHub ↗
· v1.0.1
652
总下载
1
收藏
4
当前安装
2
版本数
在 OpenClaw 中安装
/install feishu-audio
功能描述
将音频文件转换为飞书可播放的语音消息。先用 ffmpeg 转为 opus 格式,再上传到飞书,最后发送 audio 消息。适用于用户想要在飞书中收到可播放的语音消息的场景。
使用说明 (SKILL.md)
feishu-audio
将本地音频文件转换为飞书可播放的语音消息。
适用场景
- 用户说"朗读 xxx"、"语音播报"
- 需要发送可播放的语音消息到飞书
前置条件
-
ffmpeg - 音频格式转换
brew install ffmpeg -
飞书应用配置 - 需要以下环境变量:
FEISHU_APP_IDFEISHU_APP_SECRET
-
接收者 - 飞书用户 Open ID(从上下文获取或手动指定)
使用方法
方式 1:使用已有音频文件
bash scripts/send_audio.sh \x3C音频文件路径> [接收者OpenID]
方式 2:结合 TTS 使用
先生成音频,再用本技能发送:
# 1. 用 edge-tts 生成音频
edge-tts -t "你好,我是小曦" -v zh-CN-XiaoxiaoNeural --write-media /tmp/voice.mp3
# 2. 转为 opus 并发送到飞书
bash scripts/send_audio.sh /tmp/voice.mp3
脚本说明
send_audio.sh
主脚本,完整的音频消息发送流程。
参数:
$1- 音频文件路径(必需)$2- 接收者 Open ID(可选,默认从环境变量 FEISHU_RECEIVER 获取)
环境变量:
FEISHU_APP_ID- 飞书应用 IDFEISHU_APP_SECRET- 飞书应用密钥FEISHU_RECEIVER- 接收者 Open ID(可选)
流程:
- 检查 ffmpeg 是否可用
- 检查音频文件是否存在
- 用 ffmpeg 转换为 opus 格式(飞书要求)
- 获取飞书 tenant_access_token
- 上传到飞书(file_type=opus)
- 发送 audio 消息
音频格式要求
飞书语音消息要求:
- 格式: opus (OGG 容器)
- 编码: libopus
- 采样率: 24000 Hz
- 声道: 单声道
故障排查
ffmpeg 未安装
brew install ffmpeg
上传失败
检查飞书应用权限:
im:messageim:message:send_as_bot
消息发送成功但无法播放
确认:
- 上传时使用了
file_type=opus - 上传时传递了
duration参数
安全使用建议
This skill appears to do what it says (convert a local audio file and send it to Feishu), but exercise caution because the registry metadata omits required credentials and binaries. Before installing or running: (1) inspect the included script (scripts/send_audio.sh) — it uploads files to https://open.feishu.cn and uses FEISHU_APP_ID/FEISHU_APP_SECRET; (2) do not supply production credentials until you trust the source; create a test Feishu app with minimal permissions (im:message, im:message:send_as_bot) and use those; (3) ensure required tools are installed (ffmpeg/ffprobe, jq, curl) — SKILL.md only mentions ffmpeg; (4) run in an isolated/test environment first and rotate any keys used for testing; (5) if you plan to use this long-term, ask the publisher to correct the registry metadata to declare required env vars and binaries. These inconsistencies look like sloppy packaging rather than overtly malicious behavior, but they increase risk and warrant verification.
功能分析
Type: OpenClaw Skill
Name: feishu-audio
Version: 1.0.1
The skill bundle is classified as suspicious due to a shell injection vulnerability in `scripts/send_audio.sh`. The script directly embeds user-controlled input (`$AUDIO_FILE` and `$OPUS_FILE`) into `ffmpeg` and `ffprobe` commands without proper sanitization or quoting. This flaw could allow an attacker to inject arbitrary shell commands if they can control the audio file path provided to the script, potentially leading to remote code execution. While there is no clear evidence of intentional malicious behavior (e.g., data exfiltration to unauthorized endpoints, backdoors), this vulnerability represents a significant security risk.
能力评估
Purpose & Capability
The script implements exactly what the name/description claim: convert audio to opus and upload/send to Feishu. However the package registry metadata lists no required environment variables or binaries, while the SKILL.md and script require FEISHU_APP_ID/FEISHU_APP_SECRET and ffmpeg/ffprobe/jq/curl — a mismatch between declared metadata and actual needs.
Instruction Scope
SKILL.md and the script stay within scope: they read a local audio file, convert it, obtain a Feishu tenant_access_token, upload the file to Feishu, and send a message. The script does not attempt to read unrelated system files or call unexpected third-party endpoints (only open.feishu.cn).
Install Mechanism
No install spec (instruction-only with a helper script) — low installation risk. SKILL.md recommends installing ffmpeg via brew but does not mention other required tools (jq, ffprobe, curl), which are used by the script and should be declared.
Credentials
The environment variables used (FEISHU_APP_ID and FEISHU_APP_SECRET, optional FEISHU_RECEIVER) are appropriate for interacting with Feishu. The concern is that the registry metadata does not declare any required env vars or primary credential, so the skill will in practice require and use sensitive app credentials despite metadata claiming none.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills or system-wide settings, and only writes a temporary file to /tmp. Autonomous invocation is allowed by default but is not combined with other high-risk behaviors.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-audio - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-audio触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Version 1.0.1 of feishu-audio
- No changes detected in this version.
- All features and documentation remain the same as the previous release.
v1.0.0
- Initial release of feishu-audio.
- Converts local audio files to Feishu-playable voice messages.
- Uses ffmpeg to transcode audio to opus format before uploading.
- Supports sending to specified Feishu user via OpenID.
- Includes bash script for end-to-end workflow: conversion, upload, and message sending.
- Documentation covers usage, environment setup, audio requirements, and troubleshooting.
元数据
常见问题
feishu-audio 是什么?
将音频文件转换为飞书可播放的语音消息。先用 ffmpeg 转为 opus 格式,再上传到飞书,最后发送 audio 消息。适用于用户想要在飞书中收到可播放的语音消息的场景。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 652 次。
如何安装 feishu-audio?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-audio」即可一键安装,无需额外配置。
feishu-audio 是免费的吗?
是的,feishu-audio 完全免费(开源免费),可自由下载、安装和使用。
feishu-audio 支持哪些平台?
feishu-audio 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 feishu-audio?
由 tianyn1990(@tianyn1990)开发并维护,当前版本 v1.0.1。
推荐 Skills