← 返回 Skills 市场
391
总下载
0
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install feishu-docx
功能描述
飞书云文档(docx)的创建与编辑技能。支持通过 API 创建文档、追加内容、批量更新块等操作。使用此技能需要提供 App ID 和 App Secret。
使用说明 (SKILL.md)
Feishu Docx Skill
本技能封装了飞书云文档(docx)API 的核心操作,允许老大快速对飞书文档进行读写操作。
认证信息
使用该技能前,需确保已设置以下环境变量或在代码中显式传入:
FEISHU_APP_ID: cli_a92c5076b7789cd2FEISHU_APP_SECRET: 9jPdCn49G54RFoEoDPUCVcptnWZnTZqp
核心工作流
- 获取访问令牌: 使用
tenant_access_token进行应用级别的认证。 - 创建文档: 调用
POST /open-apis/docx/v1/documents创建一个空的或指定标题的文档。 - 写入/编辑内容:
- 追加块:
POST /open-apis/docx/v1/documents/{document_id}/blocks/{block_id}/children - 批量更新:
POST /open-apis/docx/v1/documents/{document_id}/blocks/batch_update
- 追加块:
使用示例 (Python)
from scripts.feishu_docx_client import FeishuDocx
client = FeishuDocx(app_id="cli_a92c5076b7789cd2", app_secret="9jPdCn49G54RFoEoDPUCVcptnWZnTZqp")
# 1. 创建文档
doc_id = client.create_document("测试文档")
# 2. 追加文本
client.append_text(doc_id, "这是由 OpenClaw 写入的内容。")
资源
- 客户端脚本:
scripts/feishu_docx_client.py封装了常用的 API 调用。 - 参考文档: 请参考 REFERENCES.md 了解更多 Block 类型和 API 细节。
安全使用建议
Do not blindly run these scripts. Key issues: (1) multiple files contain hard-coded Feishu App ID, App Secret and folder_token — treat these as leaked credentials; avoid using them. (2) Several scripts read absolute local paths and will upload local files if executed — inspect and edit paths before running. (3) The registry metadata claims no required env vars but SKILL.md requires FEISHU_APP_ID/FEISHU_APP_SECRET — this mismatch is suspicious. Recommended actions before installing or running: review and remove any hard-coded secrets, replace with your own credentials stored in environment variables, verify the folder_token and tenant are ones you control (rotate secrets if you used the exposed values), search your environment for any accidental use of the included absolute paths, and run the code in a sandboxed environment. If you cannot verify the provenance of the embedded credentials and folder targets, avoid using the skill.
功能分析
Type: OpenClaw Skill
Name: feishu-docx
Version: 1.0.2
The OpenClaw AgentSkills bundle for Feishu Docx is classified as benign. The skill's primary function is to interact with the Feishu API for document creation and management, which involves making network requests to `https://open.feishu.cn`. While the example scripts (`scripts/import_egg_cake_report.py`, `scripts/perfect_import_egg_cake.py`, `scripts/write_tangyuan.py`) hardcode `app_id` and `app_secret`, this is a vulnerability related to secret management in example code rather than evidence of malicious intent to exfiltrate unauthorized credentials. The scripts also read specific markdown files from a hardcoded path within the OpenClaw workspace, which is consistent with the skill's stated purpose of processing local documents for upload. There is no evidence of prompt injection in `SKILL.md`, unauthorized data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
能力评估
Purpose & Capability
The skill claims to be a Feishu Docx create/edit helper and therefore would reasonably need an App ID and App Secret — however the registry metadata lists no required env vars or primary credential. The code embeds an App ID, App Secret and a folder_token directly in multiple scripts (and prints tenant doc URLs), which is inconsistent with the registry declaring no credentials and exposes account-scoped secrets/targets.
Instruction Scope
SKILL.md and code show expected Feishu API calls, but multiple included scripts reference absolute local filesystem paths (e.g. /Users/cpjhy0535/.openclaw/... ) and will read and upload local files. SKILL.md also prints explicit secret values. The instructions/code therefore have scope beyond just calling an API: they assume access to specific local files and target a specific folder/account.
Install Mechanism
No install spec (instruction-only) reduces installation risk, but the package includes executable Python scripts. There is no declared install step or sandboxing: running these scripts will execute network calls and filesystem reads. That means the risk is operational (what you run) rather than coming from a remote installer.
Credentials
Although registry metadata lists no required env vars, SKILL.md tells users to set FEISHU_APP_ID and FEISHU_APP_SECRET — and the same credentials are hard-coded in multiple scripts along with a folder_token. Hard-coded credentials and account-scoped folder tokens are disproportionate and unsafe. The skill requires credential-level access to a Feishu tenant but does not declare or justify that access in metadata.
Persistence & Privilege
The skill is not always: true, is user-invocable, and allows autonomous invocation by default (normal). It does not request to modify other skills or system-wide settings in the provided files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-docx - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-docx触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fix: Correct file upload handling using requests post (data and files separation) and ensure proper file closing with context manager.
v1.0.1
Feature: Add delete_file method and update import workflow to clean up temporary source files after successful import.
v1.0.0
Initial release: Support creating docx from markdown using Feishu Drive Import API.
元数据
常见问题
Feishu Docx 是什么?
飞书云文档(docx)的创建与编辑技能。支持通过 API 创建文档、追加内容、批量更新块等操作。使用此技能需要提供 App ID 和 App Secret。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 391 次。
如何安装 Feishu Docx?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-docx」即可一键安装,无需额外配置。
Feishu Docx 是免费的吗?
是的,Feishu Docx 完全免费(开源免费),可自由下载、安装和使用。
Feishu Docx 支持哪些平台?
Feishu Docx 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu Docx?
由 cpjhy(@cpjhy)开发并维护,当前版本 v1.0.2。
推荐 Skills