← 返回 Skills 市场
Feishu File Sender
作者
yingyangdao
· GitHub ↗
· v1.2.0
398
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install feishu-temp-file
功能描述
飞书文件发送助手 - 通过临时目录解决OpenClaw飞书发送文件路径白名单问题 | Feishu File Sender - Solve OpenClaw Feishu file path whitelist issue
使用说明 (SKILL.md)
飞书文件发送助手 | Feishu File Sender
解决 OpenClaw 飞书发送文件时的路径白名单问题! Solve OpenClaw Feishu file path whitelist issue!
📋 问题说明 | Problem
OpenClaw 发送飞书图片/文件时,飞书插件读取本地文件经过核心的路径白名单检查,导致只能发送白名单路径内的文件。
When sending Feishu images/files via OpenClaw, the Feishu plugin reads local files through OpenClaw's path whitelist check, which only allows files in whitelisted paths.
💡 解决方案 | Solution
- 配置技能读取权限 - 自动适配多系统
- 在临时目录下创建文件夹,发送前复制文件到临时目录
- 发送成功后删除临时文件
🚀 快速开始 | Quick Start
第一步:配置权限(必做)
cd skills/feishu-temp-file
# 显示权限选项
node scripts/perm-config.js
# 选择并应用配置 (1/2/3)
node scripts/perm-config.js 2
权限选项说明:
| 选项 | 名称 | 路径范围 |
|---|---|---|
| 1 | 限制级 | /home/admin, /tmp, /home |
| 2 | 中等 | /home, /tmp, /opt, /var, /srv |
| 3 | 宽松 | /** (整个系统) |
第二步:检查目录权限
# 检查临时目录权限状态
node scripts/check-perm.js
第三步:使用技能
# 复制文件到临时目录
node scripts/prepare.js /path/to/your/file.png
# 发送成功后清理
node scripts/clean.js
📜 所有脚本 | All Scripts
| 脚本 | 功能 |
|---|---|
perm-config.js |
配置技能读取权限 (首次必做) ✅ |
check-perm.js |
检查临时目录权限状态 |
prepare.js |
复制文件到临时目录 |
list.js |
列出临时文件 |
clean.js |
清理临时文件 |
detect-system.js |
检测系统类型 |
📁 项目结构 | Project Structure
feishu-temp-file/
├── SKILL.md
├── _meta.json
├── package.json
├── config.example.json
└── scripts/
├── shared.js
├── perm-config.js # 配置权限 ✅ (新增)
├── check-perm.js
├── prepare.js
├── list.js
└── clean.js
⚠️ 注意事项 | Notes
- 首次使用必须先运行
perm-config.js- 配置技能读取权限 - 选择权限级别后会自动写入
~/.openclaw/openclaw.json - 发送成功后记得清理临时文件
🔗 相关链接 | Links
提示: 建议选择"中等"权限,既方便使用又相对安全! Tip: Recommend option 2 (Medium) for balance between convenience and security!
安全使用建议
This skill appears to do what it says (copy files to a temporary media dir and register that dir with OpenClaw), but it modifies your OpenClaw config and can be configured to allow access to the entire filesystem. Before running: (1) Backup ~/.openclaw/openclaw.json if it exists. (2) Inspect perm-config.js and decide which option to choose — avoid the '宽松' (/**) option unless you fully understand the risk. (3) Prefer the '中等' option and/or set FEISHU_MEDIA_DIRS to a single, narrowly-scoped directory you control. (4) Run the scripts as an unprivileged user and review copied temp files; run clean.js after sending. (5) If you are unsure, run the scripts in a sandbox/container or inspect the code line-by-line (the project is local Node scripts with no external downloads).
功能分析
Type: OpenClaw Skill
Name: feishu-temp-file
Version: 1.2.0
The skill bundle is classified as suspicious because its primary purpose is to bypass OpenClaw's path whitelist security mechanism. It includes a script, `scripts/perm-config.js`, which programmatically modifies the global OpenClaw configuration file (`~/.openclaw/openclaw.json`) to grant the skill broad filesystem access, including a 'loose' option for the entire root directory (`/**`). While the stated intent is to facilitate Feishu file transfers, this mechanism allows an agent to copy sensitive files from restricted locations into a temporary directory via `scripts/prepare.js`, effectively circumventing the host's security boundaries.
能力评估
Purpose & Capability
Name/description (workaround for OpenClaw path whitelist) aligns with the provided scripts: they detect available media dirs, copy files into a temporary uploads folder, list and remove temp files, and (optionally) write a skill-specific allowedPaths entry into ~/.openclaw/openclaw.json. No unrelated credentials or network endpoints are required.
Instruction Scope
SKILL.md instructs the user to run perm-config.js which will write to ~/.openclaw/openclaw.json to add an entry for this skill. That behavior is consistent with the purpose, but the script explicitly offers a '宽松' option that sets allowedPaths to '/**' (entire filesystem). Running the script modifies user configuration and can broaden the file-access whitelist for the OpenClaw plugin—this is sensitive and should be done only with explicit user consent. The scripts also create directories and write/delete files under chosen media dirs; these file-IO actions are expected for the feature.
Install Mechanism
No install spec or external downloads are present; this is an instruction-only skill with bundled Node scripts. No external URLs, archive extraction, or installation steps are required by the SKILL.md. package.json lists axios but the shipped scripts do not call network code; there is no automatic install of npm packages.
Credentials
The skill does not request credentials or configuration paths beyond writing a skill entry in ~/.openclaw/openclaw.json and using local filesystem paths. It optionally reads FEISHU_MEDIA_DIRS from the environment (not documented in SKILL.md as a required var) which is non-sensitive but should be noted. There are no secret tokens requested. The primary risk is privilege scope from allowedPaths, not credential exfiltration.
Persistence & Privilege
perm-config.js writes to the user's OpenClaw config (~/.openclaw/openclaw.json) to register allowedPaths for this skill. Writing to agent/config is an expected install-time action for this use case, but the ability to set allowedPaths to '/**' effectively grants the OpenClaw Feishu plugin (and therefore any code that relies on those allowlists) access to the whole filesystem. That elevated, persistent permission is significant and should be applied only after review. The skill does not set always:true and does not alter other skills' entries beyond adding its own.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install feishu-temp-file - 安装完成后,直接呼叫该 Skill 的名称或使用
/feishu-temp-file触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
Skill now supports interactive permission configuration for easier setup.
- Added perm-config.js for choosing skill file access permissions interactively.
- Updated documentation: first-time users must run perm-config.js to configure permissions before use.
- Expanded quick start and instructions to include permission options and script usage.
- Internal updates to package and metadata files to reflect new setup flow.
v1.1.0
feishu-temp-file v1.1.0
- Added multi-directory support: now auto-selects available temp directories for file uploads.
- New check-perm.js script for checking temp directory permissions and status.
- Updated configuration to allow multiple candidate directories in config.example.json.
- Improved documentation and workflow steps in SKILL.md.
- Enhanced scripts/shared.js and related scripts to support new directory selection logic.
v1.0.0
Initial release of Feishu File Sender (feishu-file-sender):
- Solves OpenClaw Feishu file path whitelist issue by managing temp files in a whitelisted directory.
- Adds scripts to prepare, list, and clean temp files for easy Feishu file sending.
- Automatically generates unique filenames and supports all Feishu-supported file types.
- Provides detailed usage instructions and output format for integration.
- Includes commands for automated workflows and emphasizes post-send cleanup.
元数据
常见问题
Feishu File Sender 是什么?
飞书文件发送助手 - 通过临时目录解决OpenClaw飞书发送文件路径白名单问题 | Feishu File Sender - Solve OpenClaw Feishu file path whitelist issue. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 398 次。
如何安装 Feishu File Sender?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-temp-file」即可一键安装,无需额外配置。
Feishu File Sender 是免费的吗?
是的,Feishu File Sender 完全免费(开源免费),可自由下载、安装和使用。
Feishu File Sender 支持哪些平台?
Feishu File Sender 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Feishu File Sender?
由 yingyangdao(@yingyangdao)开发并维护,当前版本 v1.2.0。
推荐 Skills