← 返回 Skills 市场

Feishu Bot Full Setup

Name: Feishu Bot Full Setup
Author: big-dust

作者 big-dust · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install feishu-bot-full-setup

功能描述

创建飞书企业自建机器人，并完成权限导入、事件订阅、卡片回调和版本发布全流程。适用于创建飞书机器人、飞书应用机器人，或自动化完成飞书开放平台建机器人流程的场景。

使用说明 (SKILL.md)

feishu-bot-creator

使用这个 skill 时，优先把它当成主 agent 的标准化工作流，而不是“用户直接运行的脚本说明”。

目录说明

scripts/create_feishu_bot.py：执行实际创建流程的脚本
references/permissions.md：默认申请的权限、事件、卡片回调清单；仅在需要核对或调整权限时读取

适用边界

适用于：

新建飞书企业自建机器人
自动完成机器人开通、权限导入、事件订阅、卡片回调、版本创建与提交发布
需要拿到 app_id 和 app_secret

不适用于：

修改已有飞书应用的复杂配置
处理企业审批、人工审核、管理员授权等必须人工完成的步骤
直接承诺“脚本自己会把二维码发给用户”——当前脚本只会把二维码 PNG 写到本地，由主 agent 负责发送给用户

标准执行顺序

1. 先收集初始信息

优先使用 feishu_ask_user_question 询问：

机器人名称（必填）
机器人描述（可为空；为空时默认与名称一致）
是否自定义头像
若自定义头像，要求用户提供本地图片或可下载图片地址

如果用户已经明确给出这些信息，就不要重复询问。

2. 初始化运行环境

首次使用或环境不确定时，先执行：

python3 ~/.openclaw/workspace/skills/feishu-bot-creator/scripts/create_feishu_bot.py init

3. 用环境变量注入参数后执行创建

按已收集的信息设置环境变量，再执行：

python3 ~/.openclaw/workspace/skills/feishu-bot-creator/scripts/create_feishu_bot.py create

常用环境变量

FEISHU_BOT_NAME：指定机器人名称
FEISHU_BOT_DESC：指定机器人描述；不填时默认使用名称
FEISHU_BOT_AVATAR_PATH：指定机器人头像本地图片路径
FEISHU_BOT_QR_PNG_PATH：指定登录二维码输出路径，便于发送给用户

4. 处理二维码登录

脚本执行过程中会把登录二维码写到本地 PNG（默认 /tmp/feishu-login-qr.png）。

主 agent 必须：

读取该 PNG 是否已生成
通过当前会话把二维码图片发给用户
提示用户用飞书扫码并确认登录
等待用户完成扫码后再继续观察脚本结果

5. 读取结果并返回

成功时，脚本标准输出只有一行 JSON：

{"app_id":"...","app_secret":"..."}

主 agent 应：

解析 JSON
明确返回 app_id 与 app_secret
同时告知用户脚本已完成哪些步骤

失败处理

权限或发布失败

先判断是否属于以下情况：

当前账号没有创建/发布企业自建应用权限
某些 scope 在当前企业不可用
飞书开放平台接口临时失败

必要时读取 references/permissions.md，核对脚本里申请的权限、事件与卡片回调。

二维码相关问题

如果二维码未生成或过期：

先检查 /tmp/feishu-login-qr.png 是否存在
默认可直接重新执行创建流程；同一路径下二维码会被新文件覆盖
只有在浏览器残留、锁文件未释放或连续异常失败时，才执行清理：

python3 ~/.openclaw/workspace/skills/feishu-bot-creator/scripts/create_feishu_bot.py cleanup

关键事实

脚本当前已实现：

自动登录页拉起与二维码生成
创建应用
获取密钥
开启机器人能力
导入权限
配置事件订阅
配置卡片回调
创建版本并提交发布
给创建者发送成功通知

脚本当前未实现：

自己向当前聊天发送二维码
自己向用户发起交互问答卡片

这两部分由主 agent 在 skill 工作流里补齐。

安全使用建议

This skill appears to implement what it claims, but it will download and install packages and browser binaries at runtime, may attempt to run apt/yum/dnf to install system libraries, and writes temporary files and a Chrome profile under /tmp. It also prints the created app_secret to stdout which the agent will parse and return — treat that output as a secret. Before installing/running: (1) review the full script locally; (2) run it in an isolated environment (container or VM) to limit package-manager changes and network exposures; (3) ensure you are comfortable with automatic downloads from pypa.io and Playwright download hosts; (4) only allow your agent to forward the app_secret to trusted destinations and consider rotating the secret after use. If you need lower-risk operation, consider manually performing the creation steps or adapting the script to avoid automatic system installs and to store secrets in a secure vault rather than stdout.

功能分析

Type: OpenClaw Skill Name: feishu-bot-full-setup Version: 1.0.0 The skill automates the creation of a Feishu (Lark) bot with an extremely broad and over-privileged set of permissions, including the ability to read all messages, contacts, drive files, and documents (scripts/create_feishu_bot.py). It uses a headless browser to automate the login and approval process, extracts sensitive 'app_secret' credentials, and disables SSL certificate verification (ssl.CERT_NONE) during file uploads and downloads. While these actions facilitate the stated goal of a 'full setup' automation, the combination of automated credential handling and excessive data access scopes represents a significant security risk without clear safeguards.

能力评估

✓ Purpose & Capability

Name/description (create Feishu enterprise bot and complete lifecycle) aligns with the included script and permission list. Use of browser automation (Playwright), QR login, and requesting app_id/app_secret are expected for this workflow.

⚠ Instruction Scope

SKILL.md tells the agent to run the bundled Python script and to retrieve the QR PNG and returned JSON (app_id/app_secret). The instructions do not clearly warn that the script will attempt to install Python packages, download bootstrap scripts and browser binaries, or run package-manager commands. The script writes files under /tmp and a profile dir and prints the app_secret to stdout — all within the skill's operational scope but sensitive and potentially surprising if the user expected a dry or read-only helper.

⚠ Install Mechanism

There is no platform install spec, but the script will perform network installs at runtime: it downloads get-pip.py from bootstrap.pypa.io, installs Python packages (playwright, etc.), and triggers Playwright/browser binary downloads (or uses system browser). It may also attempt apt/yum/dnf installs of system libraries. Network downloads and package-manager usage are legitimate for Playwright but increase risk (unexpected external code and binary fetches).

ℹ Credentials

The skill does not request external API keys up front and uses QR-based login (avoiding direct credential input), which is appropriate. However the script outputs app_secret on stdout and expects the agent to parse and return it to the user — this exposes a sensitive secret that should be handled carefully. The script honors a number of env vars (PLAYWRIGHT_*, FEISHU_BOT_*) documented in SKILL.md; these are relevant and proportional.

ℹ Persistence & Privilege

The skill is not always:true and does not claim persistence. It creates local state (profile dir, PID, QR PNG) under /tmp and may invoke system package managers; these are normal for browser-automation tasks but can be intrusive. The SKILL.md does not explicitly call out package-manager or system-level changes that may require elevated privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install feishu-bot-full-setup
安装完成后，直接呼叫该 Skill 的名称或使用 /feishu-bot-full-setup 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

初始版本：支持飞书企业自建机器人的创建、权限导入、事件订阅、卡片回调与版本发布全流程。

元数据

Slug feishu-bot-full-setup

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题