← 返回 Skills 市场
jasonzhang2015

Feishu Send Image

作者 PL Uncle · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
301
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-bot-send-image
功能描述
Send images directly in Feishu chat as native image messages (not file attachments). Use when: need to send a generated image, chart, screenshot, or any loca...
使用说明 (SKILL.md)

Feishu Send Image

Send local image files as native Feishu image messages via the Feishu Bot API.

Why This Skill Exists

OpenClaw's message tool with filePath, media, or buffer parameters only sends file attachments in Feishu, not inline images. This skill calls the Feishu API directly to send proper image messages.

Quick Usage

Run the script:

bash scripts/feishu_send_image.sh \x3Cimage_path> \x3Creceive_id> \x3Capp_id> \x3Capp_secret> [receive_id_type]

Arguments

Arg Description
image_path Local path to image (png/jpg/gif/webp)
receive_id Feishu open_id (user) or chat_id (group)
app_id Feishu app ID from ~/.openclaw/openclaw.jsonfeishu.accounts.default.appId
app_secret Feishu app secret from ~/.openclaw/openclaw.jsonfeishu.accounts.default.appSecret
receive_id_type open_id (default) or chat_id

Example

bash scripts/feishu_send_image.sh /tmp/chart.png \
  ou_38470740452f6083ce189b7ddec722f8 \
  cli_a92c368412f9dcb1 \
  7uM7aLqeqYqm0Fsy0IP5QhOyTBSwxlfT

Getting Credentials

Read ~/.openclaw/openclaw.json and extract:

  • channels.feishu.accounts.default.appId
  • channels.feishu.accounts.default.appSecret

The receiver's open_id comes from inbound message metadata (sender_id).

How It Works

  1. Get tokenPOST /auth/v3/tenant_access_token/internal with appId/appSecret
  2. Upload imagePOST /im/v1/images with image_type=message, returns image_key
  3. Send messagePOST /im/v1/messages with msg_type=image and the image_key

Output

On success: OK: image_key=\x3Ckey> message_id=\x3Cid> On failure: prints error and exits with code 1.

安全使用建议
This skill implements the advertised feature (sending inline Feishu images) and uses legitimate Feishu endpoints. Before installing: (1) note the package metadata omits runtime requirements — the script needs curl and python3 and the README/skill instructs reading ~/.openclaw/openclaw.json for app_id/app_secret; verify that reading that file is acceptable in your environment. (2) Treat app_id/app_secret as sensitive: avoid passing them on the command line (process lists can expose them); prefer using a secure credential mechanism or a protected config file with restricted permissions. (3) Confirm the Feishu app only has the minimum permissions required (im:message:send_as_bot and im:resource). (4) Inspect the script in your environment before running and run it in a context that limits exposure of credentials and of any untrusted images. If you want higher assurance, ask the author to declare required binaries and config paths in the skill metadata and to provide an option that reads credentials from a secure env var or a restricted config file rather than command-line arguments.
功能分析
Type: OpenClaw Skill Name: feishu-bot-send-image Version: 1.0.0 The skill facilitates sending images via the Feishu API but contains a shell injection vulnerability in `scripts/feishu_send_image.sh` because it insecurely expands variables within `curl` command strings, allowing for command substitution if credentials are manipulated. Furthermore, `SKILL.md` directs the AI agent to read the sensitive `~/.openclaw/openclaw.json` configuration file to retrieve credentials. While the behavior appears aligned with the stated purpose of bypassing OpenClaw's attachment limitations, the combination of insecure script execution and broad credential access instructions is high-risk.
能力评估
Purpose & Capability
Name/description align with the implementation: the script calls Feishu endpoints to obtain a tenant token, upload an image, and send an image message. The required arguments (image path, receive_id, app_id, app_secret) are consistent with the stated purpose.
Instruction Scope
SKILL.md and README explicitly tell the user/agent to read ~/.openclaw/openclaw.json to obtain appId/appSecret. The script itself does not automatically read that file (it expects credentials as arguments), but the instructions point the agent toward a specific local config file. This is within the skill's purpose but is a scope mismatch versus the declared metadata (which claimed no config paths).
Install Mechanism
No install spec (instruction-only skill with an included shell script). No remote downloads or archive extraction. This is low-risk for installation mechanics.
Credentials
The skill requires Feishu app_id and app_secret (sensitive secrets) to function — that's appropriate for the integration, but the registry metadata lists no required env vars or config paths. README lists preconditions (curl and python3) which are not declared in metadata. The SKILL.md suggests reading ~/.openclaw/openclaw.json to obtain credentials; that file may contain other secrets and was not declared as a required config path. Also the provided usage sends secrets on the command line (argv), which can be exposed via process listings — a security concern.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system-wide configs, and has no elevated privileges declared. Autonomous invocation remains possible (platform default) but is not combined with other high-risk factors here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install feishu-bot-send-image
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /feishu-bot-send-image 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
First release: Sends local image files as native image messages in Feishu via Bot API, not as attachments. - Added script (feishu_send_image.sh) to send PNG/JPG/GIF/WEBP images directly to Feishu users or groups - Usage requires specifying image path, receiver ID/type, app ID, and app secret - Uses Feishu Bot API: authenticates, uploads image, sends message - Credentials must be manually extracted from ~/.openclaw/openclaw.json - Replaces previous tool which could only send attachments, enabling true image messages
元数据
Slug feishu-bot-send-image
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Feishu Send Image 是什么?

Send images directly in Feishu chat as native image messages (not file attachments). Use when: need to send a generated image, chart, screenshot, or any loca... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 301 次。

如何安装 Feishu Send Image?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-bot-send-image」即可一键安装,无需额外配置。

Feishu Send Image 是免费的吗?

是的,Feishu Send Image 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Feishu Send Image 支持哪些平台?

Feishu Send Image 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Feishu Send Image?

由 PL Uncle(@jasonzhang2015)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论