功能描述

Operate Feishu or Lark IM APIs through UXC with a curated OpenAPI schema, tenant-token bearer auth, and chat/message guardrails.

使用说明 (SKILL.md)

Feishu / Lark IM Skill

Name: Feishu Openapi Skill
Author: jolestar

Use this skill to run Feishu or Lark IM operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

uxc is installed and available in PATH.
Network access to https://open.feishu.cn/open-apis or https://open.larksuite.com/open-apis.
Access to the curated OpenAPI schema URL:
- https://raw.githubusercontent.com/holon-run/uxc/main/skills/feishu-openapi-skill/references/feishu-im.openapi.json
A Feishu or Lark app with bot capability enabled.
A Feishu or Lark app app_id + app_secret, or a current tenant_access_token if you are using the manual fallback path.

Scope

This skill covers an IM-focused request/response surface:

chat lookup
chat member lookup
image and file upload for IM sends
message send and reply
selected message history reads
basic user lookup through contact APIs

This skill does not cover:

docs, bitable, approval, or non-IM product families
the full Feishu or Lark Open Platform surface

Subscribe Status

Feishu and Lark expose event-delivery models beyond plain request/response APIs, including long-connection event delivery in the platform ecosystem.

Current uxc subscribe status:

request/response IM operations are validated
inbound message intake is validated through the built-in feishu-long-connection transport
live validation confirmed real im.message.receive_v1 events delivered into the subscribe sink for a p2p bot chat

Important runtime notes:

feishu-long-connection is a provider-aware transport inside uxc subscribe; it is not a plain raw WebSocket stream
the runtime opens a temporary WebSocket URL from /callback/ws/endpoint
frames are protobuf binary messages, not text JSON
the runtime sends required event acknowledgements and ping control frames automatically

Endpoint Choice

This schema works against either Feishu or Lark Open Platform base URLs:

China / Feishu default: https://open.feishu.cn/open-apis
International / Lark alternative: https://open.larksuite.com/open-apis

The fixed link example below uses Feishu. For Lark, use the same schema URL against the Lark base host.

Authentication

Feishu and Lark service-side APIs use Authorization: Bearer \x3Ctenant_access_token> for these operations.

Preferred setup is to store app_id + app_secret as credential fields and let uxc auth bootstrap fetch and refresh the short-lived tenant token automatically.

Feishu bootstrap-managed setup:

uxc auth credential set feishu-tenant \
  --auth-type bearer \
  --field app_id=env:FEISHU_APP_ID \
  --field app_secret=env:FEISHU_APP_SECRET

uxc auth bootstrap set feishu-tenant \
  --token-endpoint https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal \
  --header 'Content-Type=application/json; charset=utf-8' \
  --request-json '{"app_id":"{{field:app_id}}","app_secret":"{{field:app_secret}}"}' \
  --access-token-pointer /tenant_access_token \
  --expires-in-pointer /expire \
  --success-code-pointer /code \
  --success-code-value 0

uxc auth binding add \
  --id feishu-tenant \
  --host open.feishu.cn \
  --path-prefix /open-apis \
  --scheme https \
  --credential feishu-tenant \
  --priority 100

For Lark, use the same bootstrap shape against the Lark host and bind the credential to open.larksuite.com.

To use long-connection subscribe, the credential still needs app_id and app_secret fields because the transport opens its own temporary event URL outside the normal bearer-token request path.

Manual fallback if you already have a tenant token:

curl -sS https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"app_id":"cli_xxx","app_secret":"xxxx"}'

Lark uses the same path shape on the Lark host:

curl -sS https://open.larksuite.com/open-apis/auth/v3/tenant_access_token/internal \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"app_id":"cli_xxx","app_secret":"xxxx"}'

Configure one bearer credential and bind it to the Feishu API host:

uxc auth credential set feishu-tenant \
  --auth-type bearer \
  --secret-env FEISHU_TENANT_ACCESS_TOKEN

uxc auth binding add \
  --id feishu-tenant \
  --host open.feishu.cn \
  --path-prefix /open-apis \
  --scheme https \
  --credential feishu-tenant \
  --priority 100

For Lark, create the same binding against open.larksuite.com:

uxc auth binding add \
  --id lark-tenant \
  --host open.larksuite.com \
  --path-prefix /open-apis \
  --scheme https \
  --credential feishu-tenant \
  --priority 100

Inspect or pre-warm bootstrap state when auth looks wrong:

uxc auth bootstrap info feishu-tenant
uxc auth bootstrap refresh feishu-tenant

Validate the active binding when auth looks wrong:

uxc auth binding match https://open.feishu.cn/open-apis

Core Workflow

Use the fixed link command by default:
- command -v feishu-openapi-cli
- If missing, create it: uxc link feishu-openapi-cli https://open.feishu.cn/open-apis --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/feishu-openapi-skill/references/feishu-im.openapi.json
- feishu-openapi-cli -h
Inspect operation schema first:
- feishu-openapi-cli get:/im/v1/chats -h
- feishu-openapi-cli post:/im/v1/images -h
- feishu-openapi-cli post:/im/v1/files -h
- feishu-openapi-cli post:/im/v1/messages -h
- feishu-openapi-cli get:/im/v1/messages -h
Prefer read/setup validation before writes:
- feishu-openapi-cli get:/im/v1/chats page_size=20
- feishu-openapi-cli get:/im/v1/chats/{chat_id} chat_id=oc_xxx
- feishu-openapi-cli get:/contact/v3/users/{user_id} user_id=ou_xxx user_id_type=open_id
Execute with key/value or positional JSON:
- key/value: feishu-openapi-cli get:/im/v1/messages container_id_type=chat container_id=oc_xxx page_size=20
- multipart upload: feishu-openapi-cli post:/im/v1/images image_type=message image=/tmp/example.png
- positional JSON: feishu-openapi-cli post:/im/v1/messages receive_id_type=chat_id '{"receive_id":"oc_xxx","msg_type":"text","content":"{\"text\":\"Hello from UXC\"}"}'
For inbound message intake, use uxc subscribe directly:
- uxc subscribe start https://open.feishu.cn/open-apis --transport feishu-long-connection --auth feishu-tenant --sink file:$HOME/.uxc/subscriptions/feishu.ndjson
- send a bot-visible message, then inspect the sink for header.event_type = "im.message.receive_v1"

Operation Groups

Chat Reads

get:/im/v1/chats
get:/im/v1/chats/{chat_id}
get:/im/v1/chats/{chat_id}/members

Message Reads / Writes

get:/im/v1/messages
get:/im/v1/messages/{message_id}
post:/im/v1/messages
post:/im/v1/messages/{message_id}/reply

Uploads

post:/im/v1/images
post:/im/v1/files

User Lookup

get:/contact/v3/users/{user_id}
post:/contact/v3/users/batch_get_id

Guardrails

Keep automation on the JSON output envelope; do not use --text.
Parse stable fields first: ok, kind, protocol, data, error.
Prefer uxc auth bootstrap over manual token management. Manual tenant_access_token setup is still supported as a fallback.
feishu-long-connection requires the app credential fields app_id and app_secret; a plain bearer-only credential is not enough for event intake.
post:/im/v1/images and post:/im/v1/files use multipart/form-data. File fields must be local path strings; help output marks them as multipart file fields.
post:/im/v1/messages requires the receive_id_type query parameter and the body content field is a JSON-encoded string, not a nested JSON object.
Upload first, then send by returned key:
- image sends use msg_type=image with content='{\"image_key\":\"img_xxx\"}'
- file sends use msg_type=file with content='{\"file_key\":\"file_xxx\"}'
post:/im/v1/messages/{message_id}/reply is for explicit replies to an existing message. Treat it as a high-risk write.
History reads only return chats and messages visible to the bot/app configuration. Auth success does not imply access to every chat.
Long-connection message intake is validated for Feishu bot chats; webhook-style callbacks and non-IM products are still out of scope.
feishu-openapi-cli \x3Coperation> ... is equivalent to uxc https://open.feishu.cn/open-apis --schema-url \x3Cfeishu_openapi_schema> \x3Coperation> ....

References

Usage patterns: references/usage-patterns.md
Curated OpenAPI schema: references/feishu-im.openapi.json
Feishu Open Platform docs: https://open.feishu.cn/document/
Lark Open Platform docs: https://open.larksuite.com/document/

安全使用建议

This skill appears to do what it claims (Feishu/Lark IM integration) but you should confirm a few things before installing: 1) Ensure you have the 'uxc' binary available — SKILL.md requires it but the registry metadata does not list it. 2) Expect to supply sensitive credentials (app_id/app_secret or tenant token); follow secure practices (use a secrets store, avoid plain-shell history, don't paste secrets into logs). 3) The skill's long-connection subscribe writes to a local sink file (e.g., $HOME/.uxc/subscriptions/feishu.ndjson); confirm you are comfortable with message intake being written to disk. 4) The included scripts/validation use ripgrep (rg) and jq — those tools are required only for validation. 5) Because the skill source and homepage are unknown, inspect the OpenAPI schema and SKILL.md yourself and prefer setting up credentials in a scoped service account with minimal permissions. If you need higher assurance, ask the publisher for provenance (homepage, repository) or run the validate.sh checks in an isolated environment first.

功能分析

Type: OpenClaw Skill Name: feishu-openapi-skill Version: 1.0.1 The skill bundle provides a legitimate integration for interacting with Feishu and Lark IM APIs via the uxc tool. It includes a curated OpenAPI schema (feishu-im.openapi.json), clear documentation for authentication bootstrapping using environment variables, and a validation script (validate.sh) to ensure bundle integrity. The operations, including message sending and long-connection event subscription, are consistent with the stated purpose and follow standard security practices for secret management without any evidence of malicious intent or data exfiltration.

能力评估

ℹ Purpose & Capability

The name/description, OpenAPI schema, usage examples, and SKILL.md all consistently document an IM-focused Feishu/Lark integration via the 'uxc' tooling. That capability aligns with the files included (schema, examples, subscribe guidance).

✓ Instruction Scope

SKILL.md stays on-scope for an IM integration: it instructs using uxc to link a schema, call IM and contact endpoints, upload files/images, and subscribe for inbound messages. It references writing a subscription sink file and uploading local files which are expected for this use case and do not attempt to read unrelated system state.

✓ Install Mechanism

No install spec — instruction-only skill — so nothing will be downloaded or written by the skill itself. The included validation script is benign and only checks files/formats.

⚠ Credentials

SKILL.md assumes use of sensitive credentials (FEISHU_APP_ID, FEISHU_APP_SECRET, or FEISHU_TENANT_ACCESS_TOKEN) and shows commands that bind tokens into uxc. Those are appropriate for this integration, but the registry metadata lists no required env vars and no primary credential. Additionally, SKILL.md requires the 'uxc' binary (and the validate script requires 'rg' and 'jq'), but the published metadata lists no required binaries. The mismatch between instructions and declared requirements is a coherence issue users should be aware of.

✓ Persistence & Privilege

The skill does not request 'always: true' and does not modify other skills or system-wide settings. Autonomous invocation is allowed (default) but is not combined with other high-risk flags here.

版本历史

v1.0.1

- Added support for image and file uploads to Feishu/Lark IM via `post:/im/v1/images` and `post:/im/v1/files`. - Updated documentation to include new upload endpoints, parameter guidance, and multipart/form-data usage. - Expanded operation examples in the workflow section to demonstrate image/file upload commands. - Refined scope and guardrails to clarify supported request types and file upload requirements.

v1.0.0

Initial release of Feishu / Lark IM skill with OpenAPI integration. - Provides CLI-driven access to Feishu and Lark IM APIs via a curated OpenAPI schema and tenant-token authentication. - Supports chat lookup, chat member lookup, sending/replying to messages, message history, and basic user info. - Includes support for real-time message intake using Feishu's long-connection event transport. - Offers guidance for both automated token management and manual token setup for authentication. - Focuses on IM functions; does not cover docs, approvals, or non-IM APIs. - Provides operational guardrails and example commands for safe and effective usage.

元数据

Slug feishu-openapi-skill

版本 1.0.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 2

常见问题

Feishu Openapi Skill 是什么？

Operate Feishu or Lark IM APIs through UXC with a curated OpenAPI schema, tenant-token bearer auth, and chat/message guardrails. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 262 次。

如何安装 Feishu Openapi Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-openapi-skill」即可一键安装，无需额外配置。

Feishu Openapi Skill 是免费的吗？

是的，Feishu Openapi Skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Feishu Openapi Skill 支持哪些平台？

Feishu Openapi Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Feishu Openapi Skill？

由 jolestar（@jolestar）开发并维护，当前版本 v1.0.1。

Feishu Openapi Skill