← 返回 Skills 市场

Feishu Send Voice

Name: Feishu Send Voice
Author: tangc

作者 tangzhan_aicoding · GitHub ↗ · v0.1.0

cross-platform ⚠ suspicious

538

总下载

当前安装

版本数

在 OpenClaw 中安装

/install feishu-send-voice

功能描述

将文本转为语音并通过飞书 audio 消息发送给指定用户。用于“给用户发语音”“把这段话转语音并发飞书”“语音播报结果”等场景，尤其当普通文件发送会降级为文本时使用。仅在指定 channel=feishu 时触发。优先在需要高可达、可听播报时使用。

使用说明 (SKILL.md)

Feishu Voice TTS

Overview

把文本转换为语音（edge-tts），再转码为飞书可用的 Opus（OGG 容器），调用飞书开放平台“先上传文件再发 audio 消息”的标准流程发送，避免“直接发文件被降级成文本”。

Quick Start

执行脚本：

skills/feishu-voice-tts/scripts/send_feishu_voice.sh "用户你好，这是一条语音消息" "user_open_id"

参数：

text（必填）要播报的文本
open_id（必填，可用环境变量替代）飞书用户 open_id
voice（可选）edge-tts 音色，默认 zh-CN-YunxiNeural

环境变量（可选，优先级高于配置文件）：

FEISHU_APP_ID
FEISHU_APP_SECRET
FEISHU_OPEN_ID
EDGE_TTS_VOICE

Workflow

按以下顺序执行，不要跳步：

文本转语音：edge-tts 生成 mp3
转码：ffmpeg 转为 audio/ogg（opus 编码，16k 单声道）
获取 tenant token：飞书 /auth/v3/tenant_access_token/internal
上传语音文件：飞书 /im/v1/files，拿 file_key
发送 audio 消息：飞书 /im/v1/messages，msg_type=audio + file_key

成功时脚本输出：

{"success": true, "message_id": "...", "file_key": "..."}

Requirements

ffmpeg 可用
edge-tts 可用（脚本自动尝试以下入口）：
- edge-tts
- ~/Library/Python/3.14/bin/edge-tts
- python3 -m edge_tts
本机存在 OpenClaw 配置：~/.openclaw/openclaw.json
- 默认读取：channels.feishu.accounts.feishu-main.appId/appSecret

Failure Handling

缺少依赖：按报错安装（例如 python3 -m pip install --user edge-tts）
飞书 API 失败：脚本会直接输出原始 JSON 错误，按 code/msg 排查
被降级成文本：确认发送的是 msg_type=audio 且 content 里是上传后的 file_key

scripts/

scripts/send_feishu_voice.sh：完整自动化脚本（TTS + 转码 + 上传 + 发送）

安全使用建议

This skill appears to be what it claims (text→TTS→send to Feishu). Before installing or running it: 1) verify the script source/trustworthiness (source is listed as unknown); 2) note that it reads your Feishu appId/appSecret either from environment variables or from ~/.openclaw/openclaw.json — the package metadata did not declare that config dependency, so confirm you’re comfortable granting it access to that file; 3) prefer supplying FEISHU_APP_ID/FEISHU_APP_SECRET via environment variables rather than leaving credentials in shared config; 4) inspect and run the script in a controlled environment (or with minimal-permission Feishu app) to confirm behavior; and 5) ensure edge-tts and ffmpeg are installed from trusted sources. If you cannot verify the skill source or do not want the skill to read ~/.openclaw/openclaw.json, do not install/run it.

功能分析

Type: OpenClaw Skill Name: feishu-send-voice Version: 0.1.0 The skill is classified as suspicious due to its inherent capabilities, which, while necessary for its stated purpose, carry significant security risks. It reads sensitive Feishu API credentials (appId, appSecret) from the OpenClaw configuration file (`~/.openclaw/openclaw.json`) or environment variables. The script executes external commands (`edge-tts`, `ffmpeg`, `curl`) with user-provided text, which introduces potential command injection vulnerabilities, particularly with the `$TEXT` argument passed to `edge-tts`. Although there is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or backdoor installation, the direct handling of sensitive credentials and execution of external commands with user input constitutes a high-risk capability that could be exploited.

能力评估

✓ Purpose & Capability

The script implements exactly what the name/description promise: uses edge-tts to generate MP3, ffmpeg to convert to opus-in-ogg, obtains a Feishu tenant token, uploads the file and sends an audio message to a specified open_id. The need for ffmpeg, edge-tts and Feishu credentials is coherent with that purpose.

✓ Instruction Scope

SKILL.md and the shell script are consistent: they instruct running the provided script which only reads the OpenClaw config (or env vars), writes temporary files, calls local binaries (edge-tts/ffmpeg/ffprobe/python3) and makes requests to official Feishu endpoints. The script does not reference other system paths or send data to unexpected external endpoints.

✓ Install Mechanism

There is no install spec; this is instruction-only plus a shell script that relies on existing local binaries. That is the lowest install risk and consistent with the declared runtime requirements.

⚠ Credentials

Registry metadata lists no required config paths or credentials, but the script and SKILL.md require Feishu credentials — either via environment variables (FEISHU_APP_ID/FEISHU_APP_SECRET) or by reading ~/.openclaw/openclaw.json. This mismatch (metadata says none, runtime requires credentials/config) is an incoherence that could surprise users. Otherwise, the amount and type of secrets requested are proportional to the task.

✓ Persistence & Privilege

The skill does not request permanent/always-on inclusion, does not modify other skills or global agent settings, and does not persist credentials beyond the normal API calls. Autonomous invocation is allowed (platform default) but not combined with other high-risk behaviors.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install feishu-send-voice
安装完成后，直接呼叫该 Skill 的名称或使用 /feishu-send-voice 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

- Initial release of feishu-voice-tts skill. - Converts text to speech using edge-tts and sends as Feishu audio message. - Avoids file downgrade to text by following Feishu's "upload file then send audio message" workflow. - Supports customizable voice, user open_id, and flexible configuration via environment variables. - Includes a shell script for full automation of TTS, file conversion, upload, and message sending.

元数据

Slug feishu-send-voice

版本 0.1.0

许可证 —

累计安装 5

当前安装数 5

历史版本数 1

常见问题