← 返回 Skills 市场
118
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-img-send-mx
功能描述
直接通过飞书开放平台 API 发送图片(绕过 OpenClaw 插件的限制),而非以文件附件形式发送。使用场景:需要发送截图、二维码等图片给用户时。
使用说明 (SKILL.md)
feishu-image-sender
通过飞书开放平台 API 直接发送图片到用户,图片以内嵌方式显示,而非文件附件。
核心逻辑
两步走:
- 上传图片到飞书服务器,获取
image_key - 用
image_key发一条 image 类型消息
操作步骤
第一步:获取 Access Token
curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
-H "Content-Type: application/json" \
-d '{"app_id":"\x3CAPP_ID>","app_secret":"\x3CAPP_SECRET>"}'
响应:{"code":0,"tenant_access_token":"t-xxx","expire":3339}
记录返回的 tenant_access_token。
第二步:上传图片
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/images" \
-H "Authorization: Bearer \x3Ctenant_access_token>" \
-F "image_type=message" \
-F "image=@/path/to/image.png"
响应:{"code":0,"data":{"image_key":"img_v3_xxx"},"msg":"success"}
记录返回的 image_key。
第三步:发送图片消息
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
-H "Authorization: Bearer \x3Ctenant_access_token>" \
-H "Content-Type: application/json" \
-d '{
"receive_id": "\x3Copen_id>",
"msg_type": "image",
"content": "{\"image_key\":\"\x3Cimage_key>\"}"
}'
receive_id 可选 open_id(用户唯标识)、chat_id(群会话)、user_id、union_id。
响应成功:{"code":0,"data":{"message_id":"om_xxx",...}}
完整示例(单次执行)
#!/bin/bash
# 参数
IMAGE_PATH="$1"
OPEN_ID="$2"
APP_ID="cli_a924632610b8dbd9"
APP_SECRET="c3TXscIJPF1f8jcQ4mJJegNVk72ktbwK"
# 1. 获取 token
TOKEN=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
-H "Content-Type: application/json" \
-d "{\"app_id\":\"$APP_ID\",\"app_secret\":\"$APP_SECRET\"}" | \
python3 -c "import sys,json; print(json.load(sys.stdin)['tenant_access_token'])")
# 2. 上传图片
IMAGE_KEY=$(curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/images" \
-H "Authorization: Bearer $TOKEN" \
-F "image_type=message" \
-F "image=@$IMAGE_PATH" | \
python3 -c "import sys,json; print(json.load(sys.stdin)['data']['image_key'])")
# 3. 发送图片
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"receive_id\":\"$OPEN_ID\",\"msg_type\":\"image\",\"content\":\"{\\\"image_key\\\":\\\"$IMAGE_KEY\\\"}\"}"
echo "Done: $IMAGE_KEY"
工具调用封装(Node.js)
const fs = require('fs');
const path = require('path');
async function feishuSendImage(imagePath, openId, appId, appSecret) {
// 1. get token
const tokenRes = await fetch('https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ app_id: appId, app_secret: appSecret })
});
const { tenant_access_token } = await tokenRes.json();
// 2. upload image
const imageBuffer = fs.readFileSync(imagePath);
const uploadRes = await fetch('https://open.feishu.cn/open-apis/im/v1/images', {
method: 'POST',
headers: { 'Authorization': `Bearer ${tenant_access_token}` },
body: (() => {
const form = new FormData();
form.append('image_type', 'message');
form.append('image', new Blob([imageBuffer]), path.basename(imagePath));
return form;
})()
});
const { data: { image_key } } = await uploadRes.json();
// 3. send image message
const sendRes = await fetch(`https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${tenant_access_token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
receive_id: openId,
msg_type: 'image',
content: JSON.stringify({ image_key })
})
});
return sendRes.json();
}
限制与注意事项
- 图片大小限制:每个文件最大 30MB
- 支持格式:jpg、png、gif、webp、bmp、heic
- token 有效期 2 小时,超时需重新获取
receive_id_type必须与receive_id匹配(open_id / user_id / chat_id / union_id)- 图片消息不能通过 web 预览,必须是桌面端或手机端才能直接查看
安全使用建议
This skill does what it says (uploads a local image and sends it via Feishu APIs), but it has an important inconsistency: the documentation uses app_id/app_secret yet the skill metadata doesn't declare any required credentials. Also SKILL.md includes an APP_ID and APP_SECRET in plaintext — verify whether those values are real before using the skill. Before installing: (1) ask the author to declare required credentials (e.g., APP_ID/APP_SECRET) in the metadata and remove any embedded secrets from examples; (2) if you test, use throwaway Feishu app credentials and rotate them afterwards; (3) provide credentials via environment variables or a secret manager rather than embedding in scripts; (4) be aware the agent reads a local file (image) and uploads it to Feishu servers — do not use with sensitive images unless you trust the destination and credentials; (5) if you find the included APP_ID/APP_SECRET are valid, treat them as leaked and rotate them immediately.
功能分析
Type: OpenClaw Skill
Name: feishu-img-send-mx
Version: 1.0.0
The skill bundle contains hardcoded sensitive credentials (APP_ID and APP_SECRET) for the Feishu (Lark) platform within the SKILL.md file. It instructs the AI agent to use these credentials to upload and send images, which is a significant security risk and could lead to credential abuse or unauthorized data handling. Additionally, the documentation explicitly mentions 'bypassing OpenClaw plugin limitations,' indicating an intent to circumvent platform-level security or functional constraints when interacting with the Feishu API (open.feishu.cn).
能力评估
Purpose & Capability
The skill's name and description (send images via Feishu Open Platform) align with the runtime instructions (obtain tenant token, upload image, send image message). However, the SKILL.md demonstrates use of an APP_ID and APP_SECRET while the registry metadata declares no required environment variables or primary credential; that's an inconsistency between what the skill needs and what it advertises.
Instruction Scope
The instructions are narrowly scoped to obtaining a tenant_access_token, uploading a local image file, and sending it via Feishu APIs — which is expected. They do instruct reading a local file (image path) and transmitting it to Feishu servers, which is necessary for the task. However the examples show hard-coded credentials in the script, which broadens the security surface and risks accidental secret disclosure.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is the lowest-risk install model and is coherent with its purpose.
Credentials
The SKILL.md requires app_id and app_secret to obtain tokens, but the skill declares no required env vars or primary credential. Additionally, the SKILL.md contains a concrete APP_ID and APP_SECRET example embedded in plaintext — if those are real, they represent credential leakage; even if placeholders, embedding credentials in examples is a risky practice. The skill should explicitly declare required credentials and recommend secure handling (env vars, secret store).
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system configs. Model invocation is allowed (normal). No elevated persistence or cross-skill configuration changes are present.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-img-send-mx - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-img-send-mx触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首次发布:通过飞书开放平台 API 直接发送图片(内嵌而非附件)
元数据
常见问题
飞书图片发送 是什么?
直接通过飞书开放平台 API 发送图片(绕过 OpenClaw 插件的限制),而非以文件附件形式发送。使用场景:需要发送截图、二维码等图片给用户时。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。
如何安装 飞书图片发送?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-img-send-mx」即可一键安装,无需额外配置。
飞书图片发送 是免费的吗?
是的,飞书图片发送 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
飞书图片发送 支持哪些平台?
飞书图片发送 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 飞书图片发送?
由 Moistenxx(@moistenxx)开发并维护,当前版本 v1.0.0。
推荐 Skills