← 返回 Skills 市场
Feishu Send Files
作者
zhangxusong637
· GitHub ↗
· v1.0.1
· MIT-0
190
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install feishu-send-files
功能描述
飞书文件批量发送技能,支持机器人触发和命令行调用,自动配置,零依赖
使用说明 (SKILL.md)
feishu-send-files 技能说明
基础信息
- 技能名称:feishu-send-files
- 触发指令:发文件 / 帮我发 / 发送文件 / 自然语言
- 运行入口:index.js
- 日志路径:技能目录下 logs/
- 依赖:无外部依赖(仅 Node.js 内置模块)
⚠️ 重要:两种触发模式的区别
模式 1:机器人触发(推荐)
在群里@机器人 或 私聊@机器人,直接说:
发文件 /path/to/file.pptx
发一下这个 PPT
✅ 自动识别发送目标:
- 群里@机器人 → 发到当前群
- 私聊@机器人 → 发到私聊
模式 2:命令行调用(手动指定)
在终端运行:
cd /home/node/.openclaw/workspace/skills/feishu-send-files
node index.js --file "/path/to/file.pptx" --to "chat:群聊 ID"
⚠️ 必须手动指定发送目标:
--to "chat:oc_xxx"→ 发到群聊--to "open_id:ou_xxx"→ 发到个人- 不传
--to参数 → 默认发到个人(容易发错!)
功能描述
飞书文件发送技能,支持三种模式:
1. 精确路径模式(机器人触发)
发文件 /home/node/test.pptx
2. 文件名搜索模式(机器人触发)
发文件 test.pdf
自动在 workspace 目录查找。
3. 模糊匹配 + 交互式选择(机器人触发)
把 workspace 里面那个 PPT 文件发给我
发一下 Excel 文件
机器人搜索→展示列表→让你选择→发送。
核心特性:
- ✅ 递归搜索 workspace 目录(3 层深度)
- ✅ 智能关键词提取(中文 + 英文)
- ✅ 自动文件类型识别(12 种常见格式)
- ✅ 交互式选择(数字/文件名)
- ✅ 批量发送(多文件选择) - 回复
1,2,3或all - ✅ 文件大小显示
- ✅ 完整日志记录
- ✅ 错误处理和状态反馈
触发规则
{
"triggers": [
{"type": "exact_match", "value": "发文件"},
{"type": "prefix_match", "value": "发文件 "},
{"type": "mention", "value": "发文件"},
{"type": "prefix_match", "value": "帮我发"},
{"type": "prefix_match", "value": "发一下"},
{"type": "prefix_match", "value": "把文件"},
{"type": "prefix_match", "value": "发送文件"},
{"type": "prefix_match", "value": "发这个文件"},
{"type": "prefix_match", "value": "发那个文件"},
{"type": "contains", "value": "发文件"},
{"type": "contains", "value": "发送文件"}
]
}
快速使用指南
✅ 推荐:群里@机器人发送
@机器人 发文件 /path/to/file.pptx
@机器人 发一下这个 PPT
优点:自动识别群聊/私聊,不会发错!
⚠️ 命令行调用(需要手动指定目标)
# 发到群聊
node index.js --file "/path/to/file.pptx" --to "chat:oc_群聊 ID"
# 发到个人
node index.js --file "/path/to/file.pptx" --to "open_id:ou_用户 ID"
# 不传 --to 参数 → 默认发到个人(容易发错!)
命令行参数说明
| 参数 | 说明 | 示例 |
|---|---|---|
--file |
文件路径(可多次) | --file "/path/a.pptx" --file "/path/b.pdf" |
--files |
多个文件(逗号分隔) | --files "/path/a.pptx,/path/b.pdf" |
--search |
搜索关键词 | --search "PPT" |
--to |
必须指定发送目标 | --to "chat:oc_xxx" 或 --to "open_id:ou_xxx" |
使用示例
精确路径(机器人触发)
发文件 /home/node/test.pptx
@机器人 发文件 /path/to/data.xlsx
文件名搜索(机器人触发)
发文件 test.pdf
帮我发一下 report.docx
模糊匹配(机器人触发)
把 workspace 里面那个 PPT 文件发给我
发一下 Excel 文件
帮我发会议纪要
发送那个 PDF
机器人响应:
找到 3 个匹配文件,请选择:
1. test.pptx (2.3 MB)
2. 交易报告.pptx (1.8 MB)
3. 会议纪要.pptx (856 KB)
回复数字选择(如:1)或输入多个数字(如:1,2,3)或输入 "all" 发送全部
批量发送示例:
用户:发 PPT 文件
机器人:找到 3 个文件...请选择
用户:1,3
机器人:✅ 发送完成!成功 2/2 个文件
快速排错
| 问题 | 解决方法 |
|---|---|
| 文件发错地方(发到个人而不是群里) | 机器人触发时自动识别;命令行调用必须加 --to "chat:群聊 ID" |
| 文件名异常 | 使用最终版 index.js |
| 无日志 | 赋权 logs 目录:chmod -R 777 logs |
| 机器人无响应 | 重启 OpenClaw,检查文件路径 |
| 发送失败 | 检查飞书权限与 appId/appSecret 配置 |
| token 获取失败 | 检查 appId/appSecret 是否正确 |
| 文件上传失败 | 检查文件大小(≤30MB)和网络 |
| 未找到匹配文件 | 检查关键词是否准确,或用绝对路径 |
| 多个匹配文件 | 机器人会列出列表,回复数字或文件名选择 |
最佳实践
✅ 推荐:在群里@机器人发送文件(自动识别群聊)
❌ 避免:命令行调用时忘记加 --to 参数(会发到个人)
技术实现
- Token 获取:使用 tenant_access_token 内部门户 API
- 文件上传:multipart/form-data 表单上传到飞书文件接口
- 消息发送:使用 file_key 发送文件消息
- 日志记录:同步追加写入,确保不丢失
- 路径提取:智能识别绝对路径、相对路径、workspace 目录文件
- 模糊搜索:递归搜索 + 关键词匹配 + 扩展名过滤
- 交互式选择:展示文件列表,等待用户选择
权限要求
- im:message:send_as_bot
- im:message:send_to_chat
- im:message:send_to_open_id
安全使用建议
What to check before installing: 1) Inspect ~/.openclaw/openclaw.json to confirm which Feishu appId/appSecret would be used and ensure those credentials have minimal permissions. 2) Review the index.js code (already included) to confirm you trust it to read files under ~/.openclaw/workspace and any absolute paths the user supplies — the skill can send any readable file. 3) If you only want limited scope, run the script as an unprivileged user and keep sensitive files out of the workspace/home directory accessible to the skill. 4) Consider requiring the skill author to: declare required config paths/credentials in metadata, and add safeguards (confirmation prompts before sending files outside workspace, safer defaults for CLI --to). 5) If unsure, test in a sandboxed environment or reject installation until the manifest and documentation explicitly list the config/credential dependencies.
功能分析
Type: OpenClaw Skill
Name: feishu-send-files
Version: 1.0.1
The skill 'feishu-send-files' provides a utility to send files to Feishu but contains a high-risk vulnerability in 'index.js'. The 'extractFilePath' function uses a broad regular expression to identify absolute paths and allows the agent to read and upload any file from the host system (e.g., '/etc/passwd') to Feishu, bypassing the 'workspace' directory restrictions mentioned in the documentation. While the script appears to follow its stated purpose and only communicates with 'open.feishu.cn', the lack of path sanitization or directory sandboxing creates a significant risk for unauthorized data exfiltration.
能力评估
Purpose & Capability
The code and SKILL.md implement a Feishu file-send capability (search workspace, upload to open.feishu.cn, send file message), which matches the name/description. However the registry metadata lists no required config paths or credentials, while the code explicitly reads ~/.openclaw/openclaw.json for channels.feishu (appId/appSecret) and reads/writes workspace config files. The skill therefore uses credentials/config that were not declared in the manifest.
Instruction Scope
Runtime instructions and the code align: the skill supports robot triggers and CLI use, recursive search of the workspace, absolute-path sending, and interactive selection. Important behavioral details in the code (searches ~/.openclaw/workspace, allows absolute paths anywhere on disk, auto-creates workspace config.json) are within the stated purpose but are powerful — the skill can read arbitrary files accessible to the user and send them to Feishu, and the CLI defaults to sending to a personal OpenID if --to is omitted (risk of accidental data exposure).
Install Mechanism
No remote download or install steps are present; the package is instruction-only plus a local Node.js script. No external packages or third-party archives are fetched or extracted during install, which lowers supply-chain risk.
Credentials
The package does not declare any required environment variables or primary credentials, yet the code requires Feishu appId/appSecret stored in ~/.openclaw/openclaw.json (channels.feishu) to obtain tenant_access_token and perform uploads/messages. It also reads/writes workspace config.json and logs. Not declaring these config/credential dependencies is an incoherence and raises risk (the skill will access sensitive credentials/configs).
Persistence & Privilege
The skill does not request 'always' or elevated platform privileges. It writes logs under its directory and may create or update workspace/config.json in the OpenClaw workspace. This is normal for local configuration but should be noted: it will persist a default recipient and logs on disk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-send-files - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-send-files触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Improved documentation to clearly distinguish between bot-triggered and command line modes, emphasizing correct usage to avoid sending files to the wrong recipient.
- Added detailed instructions and table for command line arguments, including --file, --files, --search, and --to parameters.
- Clarified best practices, highlighting the recommendation to trigger via bot mention for safest recipient targeting.
- Included troubleshooting for common mistakes, especially misdirected file sends when using command line without explicit --to.
- Added a new metadata file for enhanced skill management.
v1.0.0
初始版本:支持机器人触发和命令行调用,自动配置,批量发送多文件
元数据
常见问题
Feishu Send Files 是什么?
飞书文件批量发送技能,支持机器人触发和命令行调用,自动配置,零依赖. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 190 次。
如何安装 Feishu Send Files?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-send-files」即可一键安装,无需额外配置。
Feishu Send Files 是免费的吗?
是的,Feishu Send Files 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Feishu Send Files 支持哪些平台?
Feishu Send Files 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu Send Files?
由 zhangxusong637(@zhangxusong637)开发并维护,当前版本 v1.0.1。
推荐 Skills