← 返回 Skills 市场
142
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-messaging-bak
功能描述
飞书消息发送与文档创建工作流。 触发场景:查找群成员、查找群ID、发送消息失败需要重新尝试。 适用于:发送飞书消息。
使用说明 (SKILL.md)
飞书消息与文档 Skill
概述
此 Skill 通过飞书开放平台 API 帮助用户发送消息、创建文档和管理飞书资源。
核心能力
| 功能 | 状态 | 所需权限 |
|---|---|---|
| 发送文本消息 | ✅ 可用 | im:message:send_as_bot |
| 获取群聊列表 | ✅ 可用 | im:chat:readonly |
| 获取群成员 | ✅ 可用 | im:chat.members:read |
使用方法
发送消息给指定用户
给 [姓名] 发一条飞书消息,告诉他 [内容]
前置条件:需要获取用户的 open_id
1. 获取群聊id的方法
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
request: SearchChatRequest = SearchChatRequest.builder() \
.user_id_type("open_id") \
.query("小鸭子") \
.page_size(20) \
.build()
# 发起请求
response: SearchChatResponse = client.im.v1.chat.search(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.chat.search failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
2. 发送消息
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
request: CreateMessageRequest = CreateMessageRequest.builder() \
.receive_id_type("open_id") \
.request_body(CreateMessageRequestBody.builder()
.receive_id("ou_7d8a6e6df7621556ce0d21922b676706ccs")
.msg_type("text")
.content("{\"text\":\"test content\"}")
.uuid("选填,每次调用前请更换,如a0d69e20-1dd1-458b-k525-dfeca4015204")
.build()) \
.build()
# 发起请求
response: CreateMessageResponse = client.im.v1.message.create(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.message.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
3. 图片消息
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
file = open("小鸭子.jpg", "rb")
request: CreateImageRequest = CreateImageRequest.builder() \
.request_body(CreateImageRequestBody.builder()
.image_type("message")
.image(file)
.build()) \
.build()
# 发起请求
response: CreateImageResponse = client.im.v1.image.create(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.image.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
4. 上传文件
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
file = open("飞书20260129-173520.mp4", "rb")
request: CreateFileRequest = CreateFileRequest.builder() \
.request_body(CreateFileRequestBody.builder()
.file_type("mp4")
.file_name(""1.mp4"")
.duration("3000")
.file(file)
.build()) \
.build()
# 发起请求
response: CreateFileResponse = client.im.v1.file.create(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.file.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
5. 查询群成员
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
request: GetChatMembersRequest = GetChatMembersRequest.builder() \
.chat_id("oc_dcc94d101e8d41e291e90f4623eca17a") \
.member_id_type("user_id") \
.build()
# 发起请求
response: GetChatMembersResponse = client.im.v1.chat_members.get(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.chat_members.get failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
文档
安全使用建议
This skill mostly does what it says (Feishu messaging), but there are important red flags you should address before using it:
- Do not run the included scripts as-is. They contain hard-coded App ID/Secret values that could belong to someone else; running them might send messages or access a tenant you don't control. Treat these as leaked credentials.
- Ask the publisher to confirm the origin and to remove embedded secrets. Prefer a version that requires you to set FEISHU_APP_ID and FEISHU_APP_SECRET explicitly (and documents required scopes and how to obtain/revoke keys).
- If you need this capability, create your own Feishu App credentials, set them via environment variables, and ensure the app only has the minimal permissions (e.g., im:message:send_as_bot, im:chat:readonly) needed.
- Verify and reconcile metadata: the _meta.json owner/slug/version mismatch is suspicious — confirm who published this and why versions differ.
- Consider rotating or revoking any credentials you find embedded here (if they belong to your organization). If you cannot validate the origin and the credentials, avoid installing the skill.
If you want, I can extract the exact lines with hard-coded secrets and produce a sanitized version of the scripts that require explicit env vars and add clear documentation about required permissions and revocation steps.
功能分析
Type: OpenClaw Skill
Name: feishu-messaging-bak
Version: 1.0.0
The skill bundle contains multiple scripts (search-user.js, test-feishu.js, and test-send-message.js) with hardcoded Feishu API credentials, specifically APP_ID (cli_a93d0180c0b99cba) and APP_SECRET (KJXQ3hqdRerYwyThNq999gL2btUSkOaR). While the code logic appears to perform legitimate Feishu messaging and search functions as described in SKILL.md, the exposure of active credentials is a major security vulnerability. There is no evidence of intentional malice or data exfiltration, but the presence of these secrets suggests either poor development practices or a potential credential leak.
能力评估
Purpose & Capability
The name, SKILL.md examples and included scripts all implement Feishu (飞书) messaging and user/chat lookup functionality — that is coherent with the stated purpose. However, the skill does not declare any required environment variables in the registry metadata while the bundled JS scripts rely on FEISHU_APP_ID/FEISHU_APP_SECRET (with fallbacks to hard-coded credentials). Additionally _meta.json metadata (owner/slug/version) differs from the registry block, which is unexpected.
Instruction Scope
SKILL.md shows Python examples that expect the developer to supply app_id/app_secret, but it does not mention the included Node.js scripts or the fact that those scripts will read environment variables (FEISHU_APP_ID/FEISHU_APP_SECRET) or fall back to embedded credentials. The runtime instructions do not ask the agent to read unrelated files, but they also do not warn about or explain the embedded secrets or how to replace/revoke them. That lack of transparency widens the skill's effective scope.
Install Mechanism
No install spec is provided and the skill is instruction-only with code files. No external downloads or installers are specified, which is low risk from an installation/mechanism perspective. The presence of executable scripts, however, means running them will execute network calls.
Credentials
The registry requires no environment variables or credentials, but the included scripts expect FEISHU_APP_ID and FEISHU_APP_SECRET (and provide hard-coded fallback values). Hard-coded secrets found in scripts are disproportionate and dangerous: they grant access to a Feishu tenant and are not declared, justified, or documented in the registry metadata or SKILL.md.
Persistence & Privilege
The skill does not request elevated persistence (always: false) and does not attempt to modify other skills or system configuration. Autonomous invocation is enabled by default (disable-model-invocation: false) but that alone is not a high-severity inconsistency here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-messaging-bak - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-messaging-bak触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
feishu-messaging-bak 1.0.0
- Initial release with core features for sending Feishu messages and managing documents.
- Supports sending text messages, retrieving chat lists, and fetching group members.
- Includes detailed usage examples for common messaging workflows.
- Provides code samples for sending images and files via Feishu API.
- Documentation links and permission requirements are clearly outlined.
元数据
常见问题
Feishu Messaging.Bak 是什么?
飞书消息发送与文档创建工作流。 触发场景:查找群成员、查找群ID、发送消息失败需要重新尝试。 适用于:发送飞书消息。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 142 次。
如何安装 Feishu Messaging.Bak?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-messaging-bak」即可一键安装,无需额外配置。
Feishu Messaging.Bak 是免费的吗?
是的,Feishu Messaging.Bak 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Feishu Messaging.Bak 支持哪些平台?
Feishu Messaging.Bak 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu Messaging.Bak?
由 make453(@make453)开发并维护,当前版本 v1.0.0。
推荐 Skills