← 返回 Skills 市场
Feishu Media
作者
a1024708231
· GitHub ↗
· v1.1.1
· MIT-0
109
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-media-new
功能描述
飞书媒体文件发送技能。适用于:发送文件、图片、URL图片、视频、音频、语音消息,以及打包压缩后发送。当用户要求在飞书中发送任何类型的媒体文件时激活此技能。
使用说明 (SKILL.md)
飞书媒体发送技能
通过 message 工具向飞书发送各类媒体文件。
核心用法
所有媒体发送都通过 message 工具的 action=send,关键参数:
channel: feishutarget:chat:群ID或user:open_id(省略则回复当前会话)message: 附带的文字说明(可选)filePath: 本地文件路径(注意:飞书频道可能不支持)media: URL 地址(网络图片/文件)
1. 发送本地文件(PDF/DOC/XLS/PPT/TXT等)
message action=send channel=feishu filePath=/path/to/file.pdf message="文件说明"
支持格式:pdf, doc/docx, xls/xlsx, ppt/pptx, txt, csv, zip, tar.gz 等。
2. 发送本地图片
message action=send channel=feishu filePath=/path/to/image.png message="图片说明"
支持格式:jpg, jpeg, png, gif, webp, bmp。
3. 发送 URL 图片
message action=send channel=feishu media=https://example.com/image.png message="网络图片"
4. 发送视频(重要:需要用 exec+curl 方式)
⚠️ 注意:OpenClaw 飞书频道的 filePath 参数不支持本地视频文件。
需要用以下 exec+curl 方式发送视频:
# 1. 获取 tenant_access_token(需要飞书应用的 appId 和 appSecret)
TOKEN_RESP=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
-H "Content-Type: application/json" \
-d '{"app_id":"你的appId","app_secret":"你的appSecret"}')
TOKEN=$(echo $TOKEN_RESP | grep -o '"tenant_access_token":"[^"]*"' | cut -d'"' -f4)
# 2. 上传视频文件(必须用 file_type=stream)
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/files" \
-H "Authorization: Bearer $TOKEN" \
-F "file_type=stream" \
-F "file_name=视频文件名.mp4" \
-F "file=@/path/to/video.mp4"
# 3. 用返回的 file_key 发送消息
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"receive_id": "用户的open_id",
"msg_type": "file",
"content": "{\"file_key\":\"返回的file_key\"}"
}'
关键点:
- 上传时
file_type必须用stream,不能用mp4 - 发送时
msg_type用file - 视频会以文件附件形式发送(不是内嵌播放)
支持格式:mp4, mov, avi。
5. 发送音频(非语音)
MP3 等音频文件作为普通文件发送:
message action=send channel=feishu filePath=/path/to/audio.mp3 message="音频文件"
6. 发送语音消息(可播放的语音条)
语音消息需要 Ogg/Opus 格式。飞书会显示为可播放的语音条。
6.1 直接发送 opus/ogg 文件
message action=send channel=feishu filePath=/path/to/voice.opus message="语音消息"
6.2 从 MP3 转换后发送
先用 ffmpeg 转换格式:
ffmpeg -i input.mp3 -ar 16000 -ac 1 -acodec libopus output.ogg -y
然后发送 output.ogg。
6.3 技术细节
语音消息的底层流程:
- 上传:
im.file.create,file_type: "opus",需带duration(毫秒) - 发送:
msg_type: "audio",content:{"file_key":"xxx","duration":3007} - duration 由 ffprobe 自动获取,无需手动指定
7. 打压缩包后发送
当需要发送多个文件或不支持的格式时,先打包再发送:
7.1 打 zip 包
zip -j /tmp/archive.zip /path/to/file1 /path/to/file2
7.2 打 tar.gz 包
tar czf /tmp/archive.tar.gz -C /path/to/dir .
7.3 发送压缩包
message action=send channel=feishu filePath=/tmp/archive.zip message="打包文件"
格式支持速查表
| 类型 | 格式 | 发送方式 | 飞书显示 |
|---|---|---|---|
| 图片 | jpg/png/gif/webp | filePath 或 media(URL) | 内嵌图片 |
| 文档 | pdf/doc/xls/ppt | filePath | 文件卡片 |
| 视频 | mp4/mov/avi | exec+curl (file_type=stream) | 文件卡片 |
| 音频 | mp3/wav/flac | filePath | 文件卡片 |
| 语音 | opus/ogg | filePath | 可播放语音条 |
| 压缩包 | zip/tar.gz | filePath | 文件卡片 |
| 网络图片 | URL | media | 内嵌图片 |
注意事项
- 文件大小限制:默认 30MB
- 语音必须是 Ogg/Opus 格式才能显示为语音条,其他音频格式只能作为文件发送
- 需要 ffmpeg/ffprobe 支持语音格式转换和时长检测
- 飞书应用需要
im:message、im:resource权限 - 视频发送:OpenClaw 飞书频道的
filePath不支持本地视频,必须用 exec+curl 方式上传后发送
安全使用建议
This skill appears to implement Feishu media-sending correctly, but the SKILL.md requires Feishu app credentials (app_id/app_secret to obtain tenant_access_token) and local tools (ffmpeg/ffprobe) while the metadata declares none — that mismatch is the main concern. Before installing or using this skill: (1) verify the skill author/source and prefer skills that declare required env vars/binaries in metadata; (2) only provide a Feishu app_id/app_secret scoped to a test/non-production app with the minimal permissions (im:message, im:resource) and rotate/revoke after testing; (3) ensure ffmpeg/ffprobe are installed from trusted packages if needed; (4) inspect any exec+curl commands to confirm they target official open.feishu.cn endpoints and not an attacker-controlled host; (5) if you cannot verify the author, avoid entering real credentials — ask the author to update metadata to list required env vars and required binaries and to provide guidance for secure credential handling.
功能分析
Type: OpenClaw Skill
Name: feishu-media-new
Version: 1.1.1
The skill instructions in SKILL.md direct the AI agent to perform high-risk operations, including executing shell commands via 'exec' for curl, ffmpeg, and compression tools (zip/tar). Specifically, it provides templates for the agent to handle sensitive Feishu credentials (appId and app_secret) and construct shell-based API calls to 'open.feishu.cn'. While these actions are aligned with the stated purpose of sending media to Feishu, the pattern of using raw shell execution instead of structured tools creates a significant surface for shell injection vulnerabilities if the agent processes unsanitized input.
能力评估
Purpose & Capability
The name and description (Feishu media sending) align with the runtime instructions (sending files, images, audio, video via Feishu APIs). However, the instructions require a Feishu app_id/app_secret to obtain a tenant_access_token and require ffmpeg/ffprobe for audio conversion — none of these are declared in the skill metadata (no required env vars, no required binaries). This mismatch is disproportionate to the declared metadata and is an incoherence.
Instruction Scope
The SKILL.md stays within the domain of sending media to Feishu and uses only Feishu API endpoints. However, it instructs the agent to run shell commands (exec+curl), to read local file paths, and to accept app_id/app_secret (used to fetch tenant_access_token). Those instructions reference credentials and local tools not declared by the skill, which expands the agent's scope unexpectedly. The instructions do not describe safe handling/storage of the credentials.
Install Mechanism
No install spec and no code files are present (instruction-only). This limits the skill's disk footprint and attack surface since nothing is automatically downloaded or executed beyond what the agent runs at runtime.
Credentials
The SKILL.md requires app_id/app_secret (to get tenant_access_token) and local binaries (ffmpeg/ffprobe) for proper operation, but the declared metadata lists no required environment variables or binaries. Requiring API credentials and local tools is reasonable for the feature, but failing to declare them is a red flag: users won't be warned up-front and may be prompted to enter sensitive credentials at runtime without clear provenance.
Persistence & Privilege
The skill does not request persistent installation (always:false), does not modify other skills, and has no install steps that change system or agent configuration. Autonomous invocation is allowed by default but is not in itself excessive here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-media-new - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-media-new触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
更新飞书视频发送方式说明;明确指出需要用 exec+curl 方式发送视频
元数据
常见问题
Feishu Media 是什么?
飞书媒体文件发送技能。适用于:发送文件、图片、URL图片、视频、音频、语音消息,以及打包压缩后发送。当用户要求在飞书中发送任何类型的媒体文件时激活此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 109 次。
如何安装 Feishu Media?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-media-new」即可一键安装,无需额外配置。
Feishu Media 是免费的吗?
是的,Feishu Media 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Feishu Media 支持哪些平台?
Feishu Media 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu Media?
由 a1024708231(@a1024708231)开发并维护,当前版本 v1.1.1。
推荐 Skills