← 返回 Skills 市场

飞书日历管理（中文版）

Name: 飞书日历管理（中文版）
Author: thinkingmanyangyang

作者 thinkingmanyangyang · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

222

总下载

当前安装

版本数

在 OpenClaw 中安装

/install feishu-calendar-cn

功能描述

飞书日历管理技能。用于查询日程、创建事件、查询忙闲状态。当用户询问日程、会议、日历相关问题时使用此技能。触发条件：(1) 用户询问今天的日程/明天的日程/某天的日程 (2) 用户要求创建日程/添加会议/新建事件 (3) 用户询问日历/日程安排 (4) 用户提到飞书日历相关需求。

使用说明 (SKILL.md)

飞书日历技能

用于管理个人飞书日历，包括查询日程、创建事件、查询忙闲状态等功能。

前置配置

使用此技能前需要完成 OAuth 授权，详见 OAuth 配置指南。

配置文件

Token 文件位置：~/.openclaw/workspace/skills/feishu-calendar/scripts/.user_token.json

{
  "access_token": "u-xxx",
  "refresh_token": "ur-xxx",
  "calendar_id": "[email protected]"
}

使用方法

查询日程

# 读取配置
$tokenFile = "$env:USERPROFILE\.openclaw\workspace\skills\feishu-calendar\scripts\.user_token.json"
$config = Get-Content $tokenFile | ConvertFrom-Json

# 查询今天的日程
$startTime = [int][double]::Parse((Get-Date -Date (Get-Date).Date -UFormat %s))
$endTime = $startTime + 86400

$result = Invoke-RestMethod -Uri "https://open.feishu.cn/open-apis/calendar/v4/calendars/$($config.calendar_id)/events?start_time=$startTime&end_time=$endTime" -Method Get -Headers @{ Authorization = "Bearer $($config.access_token)" }

$result.data.items | ForEach-Object {
    Write-Host "$($_.summary) - $(Get-Date -UnixTimeSeconds $_.start_time.timestamp -Format 'HH:mm') 到 $(Get-Date -UnixTimeSeconds $_.end_time.timestamp -Format 'HH:mm')"
}

创建日程

# 读取配置
$tokenFile = "$env:USERPROFILE\.openclaw\workspace\skills\feishu-calendar\scripts\.user_token.json"
$config = Get-Content $tokenFile | ConvertFrom-Json

# 设置时间
$startTime = [int][double]::Parse((Get-Date -Date "2026-03-21 14:00:00" -UFormat %s))
$endTime = [int][double]::Parse((Get-Date -Date "2026-03-21 15:00:00" -UFormat %s))

$body = @{
    summary = "会议标题"
    start_time = @{ timestamp = $startTime.ToString(); timezone = "Asia/Shanghai" }
    end_time = @{ timestamp = $endTime.ToString(); timezone = "Asia/Shanghai" }
    location = @{ name = "会议室A" }
} | ConvertTo-Json -Depth 3

$result = Invoke-RestMethod -Uri "https://open.feishu.cn/open-apis/calendar/v4/calendars/$($config.calendar_id)/events" -Method Post -Body $body -ContentType "application/json" -Headers @{ Authorization = "Bearer $($config.access_token)" }

if ($result.code -eq 0) {
    Write-Host "✅ 日程创建成功"
} else {
    Write-Host "❌ 创建失败: $($result.msg)"
}

Token 刷新

Token 有效期约 2 小时，过期后运行：

$tokenFile = "$env:USERPROFILE\.openclaw\workspace\skills\feishu-calendar\scripts\.user_token.json"
$config = Get-Content $tokenFile | ConvertFrom-Json

# 获取 app_access_token
$appBody = @{ app_id = "cli_a93bf9470db85cc2"; app_secret = "9QGw66iouZcjp3JrnaOC3gI1cHgTS8eF" } | ConvertTo-Json
$appToken = (Invoke-RestMethod -Uri "https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal" -Method Post -Body $appBody -ContentType "application/json").app_access_token

# 刷新 user_access_token
$refreshBody = @{ grant_type = "refresh_token"; refresh_token = $config.refresh_token } | ConvertTo-Json
$newToken = Invoke-RestMethod -Uri "https://open.feishu.cn/open-apis/authen/v1/oidc/refresh_access_token" -Method Post -Body $refreshBody -ContentType "application/json" -Headers @{ Authorization = "Bearer $appToken" }

# 保存
$config.access_token = $newToken.data.access_token
$config.refresh_token = $newToken.data.refresh_token
$config | ConvertTo-Json | Out-File $tokenFile
Write-Host "✅ Token 已刷新"

自然语言示例

用户：帮我查看今天的飞书日程
用户：查看我明天的日历
用户：帮我在飞书日历创建一个会议，明天 14:00 到 15:00，标题是"项目评审"
用户：我下周一有什么安排？

注意事项

Token 有效期：access_token 约 2 小时，refresh_token 约 30 天
权限要求：需要 calendar:calendar:readonly 权限
首次使用：需要完成 OAuth 授权流程

安全使用建议

This skill is functionally a Feishu calendar helper, but it contains inconsistent and risky credential handling. Do not install or run the scripts until the following are resolved: (1) remove the hard-coded app_secret/app_id from the repository and store them only in environment variables you control; (2) clarify and correct the auth flow — decide whether actions use user_access_token (for personal calendars) or app/tenant tokens (and update scripts/docs accordingly); (3) update the skill metadata to declare required env vars (FEISHU_APP_ID, FEISHU_APP_SECRET) if used; (4) confirm the minimal permissions needed (read vs write) and request only those; (5) if the hard-coded app_secret is real, rotate/revoke it immediately. If you are not the owner of the Feishu app indicated by the credentials, do not use those credentials — creating events with an app you don't own can expose other accounts. If you want, ask the skill author to provide a corrected version (no embedded secrets, consistent token flow) and re-run the review.

功能分析

Type: OpenClaw Skill Name: feishu-calendar-cn Version: 1.0.0 The skill bundle contains hardcoded sensitive credentials, specifically a Feishu app_id and app_secret (cli_a93bf9470db85cc2 / 9QGw66iouZcjp3JrnaOC3gI1cHgTS8eF), within SKILL.md and references/oauth-setup.md. While these appear to be provided to facilitate the OAuth flow, hardcoding secrets is a significant security vulnerability. The scripts (e.g., auth.sh, list_events.sh) perform legitimate calendar management tasks via the official Feishu API (open.feishu.cn), but the inclusion of static secrets is a high-risk practice that could lead to credential misuse or unauthorized access if the associated app is misconfigured.

能力评估

ℹ Purpose & Capability

The scripts and SKILL.md implement calendar queries, event creation, and free/busy checks against Feishu APIs, which is consistent with the stated purpose. However, the required credentials and permission statements are inconsistent across files (see instruction_scope and environment_proportionality).

⚠ Instruction Scope

Runtime instructions and scripts read/write a local token file (~/.openclaw/workspace/skills/feishu-calendar/scripts/.user_token.json) and call only Feishu endpoints (expected). But SKILL.md contains a 'Token 刷新' example that hard-codes an app_id/app_secret and instructs writing tokens to disk. Scripts and docs disagree about whether tenant/app credentials or user tokens are used for creating events (create_event.sh calls auth.sh to get a tenant_access_token, while list_events.sh uses a saved user_access_token). The SKILL.md also lists only readonly permission in one place but other parts and scripts require write permission.

✓ Install Mechanism

No install spec; this is an instruction-plus-script skill. No remote downloads or archive extraction — scripts live in the repo. That is low install risk.

⚠ Credentials

The repository includes a plaintext app_secret and app_id in SKILL.md and references/oauth-setup.md. The auth script (scripts/auth.sh) expects environment variables FEISHU_APP_ID and FEISHU_APP_SECRET, but requires.env is empty in the metadata — a clear mismatch. Hard-coded app_secret in documentation is a sensitive secret disclosure and not justified by the skill description. Token file storage is local and expected, but the discrepancy about which credentials are needed (tenant vs user tokens) is concerning.

✓ Persistence & Privilege

Skill does not request always:true and does not modify other skills. It persists user tokens to a local file in the skill workspace, which is normal for OAuth-based skills.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install feishu-calendar-cn
安装完成后，直接呼叫该 Skill 的名称或使用 /feishu-calendar-cn 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

首次发布：支持查询日程、创建事件、Token刷新。完整OAuth配置指南。

元数据

Slug feishu-calendar-cn

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题