← 返回 Skills 市场
134
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install feishu-messaging-bak2
功能描述
飞书消息发送与文档创建工作流。 触发场景:查找群成员、查找群ID、发送消息失败需要重新尝试。 适用于:发送飞书消息。
使用说明 (SKILL.md)
飞书消息与文档 Skill
概述
此 Skill 通过飞书开放平台 API 帮助用户发送消息、创建文档和管理飞书资源。
核心能力
| 功能 | 状态 | 所需权限 |
|---|---|---|
| 发送文本消息 | ✅ 可用 | im:message:send_as_bot |
| 获取群聊列表 | ✅ 可用 | im:chat:readonly |
| 获取群成员 | ✅ 可用 | im:chat.members:read |
使用方法
发送消息给指定用户
给 [姓名] 发一条飞书消息,告诉他 [内容]
前置条件:需要获取用户的 open_id
1. 获取群聊id的方法
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
request: SearchChatRequest = SearchChatRequest.builder() \
.user_id_type("open_id") \
.query("小鸭子") \
.page_size(20) \
.build()
# 发起请求
response: SearchChatResponse = client.im.v1.chat.search(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.chat.search failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
2. 发送消息
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
request: CreateMessageRequest = CreateMessageRequest.builder() \
.receive_id_type("open_id") \
.request_body(CreateMessageRequestBody.builder()
.receive_id("ou_7d8a6e6df7621556ce0d21922b676706ccs")
.msg_type("text")
.content("{\"text\":\"test content\"}")
.uuid("选填,每次调用前请更换,如a0d69e20-1dd1-458b-k525-dfeca4015204")
.build()) \
.build()
# 发起请求
response: CreateMessageResponse = client.im.v1.message.create(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.message.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
3. 图片消息
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
file = open("小鸭子.jpg", "rb")
request: CreateImageRequest = CreateImageRequest.builder() \
.request_body(CreateImageRequestBody.builder()
.image_type("message")
.image(file)
.build()) \
.build()
# 发起请求
response: CreateImageResponse = client.im.v1.image.create(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.image.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
4. 上传文件
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
file = open("飞书20260129-173520.mp4", "rb")
request: CreateFileRequest = CreateFileRequest.builder() \
.request_body(CreateFileRequestBody.builder()
.file_type("mp4")
.file_name(""1.mp4"")
.duration("3000")
.file(file)
.build()) \
.build()
# 发起请求
response: CreateFileResponse = client.im.v1.file.create(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.file.create failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
5. 查询群成员
import json
import lark_oapi as lark
from lark_oapi.api.im.v1 import *
def main():
# 创建client
client = lark.Client.builder() \
.app_id("YOUR_APP_ID") \
.app_secret("YOUR_APP_SECRET") \
.log_level(lark.LogLevel.DEBUG) \
.build()
# 构造请求对象
request: GetChatMembersRequest = GetChatMembersRequest.builder() \
.chat_id("oc_dcc94d101e8d41e291e90f4623eca17a") \
.member_id_type("user_id") \
.build()
# 发起请求
response: GetChatMembersResponse = client.im.v1.chat_members.get(request)
# 处理失败返回
if not response.success():
lark.logger.error(
f"client.im.v1.chat_members.get failed, code: {response.code}, msg: {response.msg}, log_id: {response.get_log_id()}, resp:
{json.dumps(json.loads(response.raw.content), indent=4, ensure_ascii=False)}")
return
# 处理业务结果
lark.logger.info(lark.JSON.marshal(response.data, indent=4))
if __name__ == "__main__":
main()
文档
安全使用建议
This skill appears to do what it says (send/search Feishu messages), but stop and verify before installing. Key concerns: (1) the JS files include hard-coded Feishu app_id/app_secret values — treat these as sensitive credentials; they may be valid and could allow the app to act on behalf of that integration. (2) The skill metadata declares no required env vars, yet the code expects FEISHU_APP_ID and FEISHU_APP_SECRET (or falls back to embedded defaults) — the mismatch is sloppy and risky. (3) Metadata owner ID in _meta.json doesn't match the registry ownerId, which could mean files were copied or tampered with. Recommended actions: do not run in production or on systems with real data until you confirm the provenance; request the publisher/source and ask them to (a) remove embedded secrets, (b) declare required env vars in metadata, and (c) republish with matching metadata. If you already supplied any of the embedded credentials elsewhere, rotate them. If you must test, do so in an isolated account or sandbox and monitor for unexpected message activity.
功能分析
Type: OpenClaw Skill
Name: feishu-messaging-bak2
Version: 1.0.0
The skill bundle contains multiple scripts (scripts/search-user.js, scripts/test-feishu.js, and scripts/test-send-message.js) with hardcoded Feishu API credentials (APP_ID and APP_SECRET). While the scripts' logic appears aligned with the stated purpose of managing Feishu messages and users, the inclusion of active credentials is a significant security vulnerability that allows unauthorized access to the associated Feishu application. No clear evidence of intentional data exfiltration to third-party domains was found, as all network requests are directed to the official open.feishu.cn endpoint.
能力评估
Purpose & Capability
Name/description and the included code all target Feishu (open.feishu.cn) message/document APIs — capability aligns with purpose. However, the skill declares no required env vars or primary credential while the runtime scripts clearly expect FEISHU_APP_ID/FEISHU_APP_SECRET or fall back to embedded credentials, which is inconsistent.
Instruction Scope
SKILL.md examples and scripts only call Feishu APIs and show typical usage (search chat, send messages, upload files). They do not appear to read unrelated system files or contact external endpoints beyond open.feishu.cn. But the instructions and examples assume app_id/app_secret are available without declaring them; the runtime files embed defaults, which broadens the effective scope (use of those specific credentials).
Install Mechanism
Instruction-only skill with included small JS scripts; no install spec, no third-party downloads, and no archives being extracted — low install risk.
Credentials
The skill requests no environment variables in metadata, yet the scripts read FEISHU_APP_ID and FEISHU_APP_SECRET (and provide hard-coded fallback values). Embedding real-looking app_id and app_secret values in code is a sensitive practice: those credentials could be valid and allow the app to act in other tenants. The number and nature of secrets (app secret values) are disproportionate to the metadata's 'none' declaration and should be clarified/removed.
Persistence & Privilege
always is false and the skill does not request any persistent system-wide privileges. It does not modify other skills or agent-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-messaging-bak2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-messaging-bak2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of feishu-messaging skill for 飞书消息发送与文档创建工作流
- Supports sending text messages, images, and files via 飞书 API
- Provides functions to search chat groups, retrieve group members, and handle message sending failures
- Includes detailed code examples for all core messaging and file/document operations
- Suitable for 飞书消息发送 workflows requiring group/user lookup and message retries
元数据
常见问题
Feishu Messaging.Bak2 是什么?
飞书消息发送与文档创建工作流。 触发场景:查找群成员、查找群ID、发送消息失败需要重新尝试。 适用于:发送飞书消息。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 134 次。
如何安装 Feishu Messaging.Bak2?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-messaging-bak2」即可一键安装,无需额外配置。
Feishu Messaging.Bak2 是免费的吗?
是的,Feishu Messaging.Bak2 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Feishu Messaging.Bak2 支持哪些平台?
Feishu Messaging.Bak2 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu Messaging.Bak2?
由 make453(@make453)开发并维护,当前版本 v1.0.0。
推荐 Skills