功能描述

Feishu document operations (User Access Token version). Use user access token for authentication. When you need to read, create, write, or append Feishu docu...

使用说明 (SKILL.md)

\r \r

Feishishu document operations using useru User\r

Name: feishu-user
Author: hacksing

\r Fe access token authentication. Call Feishu Open API directly via REST API.\r \r

Install Dependencies\r

\r

pip install requests\r
```\r
\r
## Quick Start\r
\r
```python\r
from feishu_client import FeishuClient\r
\r
# Initialize client\r
client = FeishuClient(user_access_token="u-xxx")\r
```\r
\r
## Get User Access Token\r
\r
### Step 1: Get App Credentials from Feishu Open Platform\r
\r
Prepare the following:\r
- **APP_ID** - App ID (from Feishu Open Platform app settings)\r
- **APP_SECRET** - App Secret (from Feishu Open Platform app settings)\r
- **REDIRECT_URI** - Authorization callback URL\r
\r
Enable these permissions:\r
- `docx:document` - Document operations\r
- `drive:drive.search:readonly` - Cloud drive search\r
- `search:docs:read` - Document search\r
\r
### Step 2: Generate Authorization URL\r
\r
```\r
https://accounts.feishu.cn/open-apis/authen/v1/authorize?client_id={YOUR_APP_ID}&response_type=code&redirect_uri={YOUR_REDIRECT_URI}&scope=docx%3Adocument%20drive%3Adrive.search%3Areadonly%20search%3Adocs%3Aread\r
```\r
\r
### Step 3: Exchange for Token\r
\r
```bash\r
curl -X POST "https://open.feishu.cn/open-apis/authen/v1/access_token" \\r
  -H "Content-Type: application/json" \\r
  -d '{\r
    "grant_type": "authorization_code",\r
    "code": "{YOUR_CODE}",\r
    "app_id": "{YOUR_APP_ID}",\r
    "app_secret": "{YOUR_APP_SECRET}"\r
  }'\r
```\r
\r
The returned `access_token` is your `user_access_token`.\r
\r
---\r
\r
## Usage Examples\r
\r
```python\r
from feishu_client import FeishuClient\r
\r
# Initialize\r
client = FeishuClient(user_access_token="u-xxx")\r
\r
# Read document\r
content = client.read_doc("doc_token")\r
print(content)\r
\r
# Create document\r
new_token = client.create_doc("My New Document")\r
print(f"New document: {new_token}")\r
\r
# Write document\r
client.write_doc("doc_token", "# Title\
\
Content")\r
\r
# Append content\r
client.append_doc("doc_token", "## New Section\
\
More content")\r
\r
# List all blocks\r
blocks = client.list_blocks("doc_token")\r
for block in blocks:\r
    print(block)\r
\r
# Get specific block\r
block = client.get_block("doc_token", "block_id")\r
\r
# Update block\r
client.update_block("doc_token", "block_id", "New content")\r
\r
# Delete block\r
client.delete_block("doc_token", "block_id")\r
```\r
\r
---\r
\r
## Convenience Functions\r
\r
Don't want to create a client? Use functions directly:\r
\r
```python\r
from feishu_client import read_document, create_document, write_document, append_document\r
\r
# Read\r
content = read_document("doc_token", user_access_token="u-xxx")\r
\r
# Create\r
new_token = create_document("Title", user_access_token="u-xxx")\r
\r
# Write\r
write_document("doc_token", "# Content", user_access_token="u-xxx")\r
\r
# Append\r
append_document("doc_token", "## More", user_access_token="u-xxx")\r
```\r
\r
---\r
\r
## API Reference\r
\r
### FeishuClient\r
\r
| Method | Description |\r
|--------|-------------|\r
| `read_doc(doc_token)` | Read document content |\r
| `create_doc(title, folder_token)` | Create new document |\r
| `write_doc(doc_token, content)` | Write document (overwrite) |\r
| `append_doc(doc_token, content)` | Append content to end |\r
| `list_blocks(doc_token)` | List all blocks |\r
| `get_block(doc_token, block_id)` | Get specific block |\r
| `update_block(doc_token, block_id, content)` | Update block content |\r
| `delete_block(doc_token, block_id)` | Delete block |\r
\r
---\r
\r
## Notes\r
\r
1. `user_access_token` has an expiration time, needs periodic refresh\r
2. The `scope` in authorization URL must be enabled in Feishu Open Platform\r
3. This skill accesses personal cloud documents using user identity\r
\r
---\r
\r
## Related Links\r
\r
- Feishu Open Platform: https://open.feishu.cn\r
- Document API: https://open.feishu.cn/document/ukTMukTMukTM/uADOwUjLwgDMzCM4ATm\r
\r
---\r
\r
## Token Auto Refresh\r
\r
Use `feishu_token.py` script for automatic token refresh.\r
\r
### Install Dependencies\r
\r
```bash\r
pip install requests\r
```\r
\r
### First Authorization\r
\r
```bash\r
# 1. Generate authorization URL\r
python feishu_token.py --app-id YOUR_APP_ID --app-secret YOUR_SECRET --redirect-uri YOUR_REDIRECT_URI --url\r
```\r
\r
After user authorizes, will callback to `YOUR_REDIRECT_URI?code=XXX`\r
\r
```bash\r
# 2. Use authorization code to get token\r
python feishu_token.py --app-id YOUR_APP_ID --app-secret YOUR_SECRET --code AUTH_CODE\r
```\r
\r
Token is automatically saved to `~/.config/claw-feishu-user/config.json`\r
\r
### Refresh Token\r
\r
```bash\r
python feishu_token.py --app-id YOUR_APP_ID --app-secret YOUR_SECRET --refresh\r
```\r
\r
### In Code\r
\r
```python\r
import json\r
import os\r
\r
# Read cached token\r
config_path = os.path.expanduser("~/.config/claw-feishu-user/config.json")\r
with open(config_path) as f:\r
    config = json.load(f)\r
\r
# Use token\r
client = FeishuClient(user_access_token=config["access_token"])\r
```\r

安全使用建议

This skill appears to do what it says: a Feishu document client plus a token manager. Before installing or running it, consider: (1) the token manager saves access_token and refresh_token to ~/.config/claw-feishu-user/config.json in plaintext — ensure that file's permissions are restricted and you trust the environment; (2) provide your App Secret only on machines you control (don't paste it into shared terminals); (3) the code talks only to official Feishu endpoints (open.feishu.cn / accounts.feishu.cn); (4) if you need stricter secrecy, store tokens in a secrets manager rather than the local config file. Otherwise, the package is internally consistent and proportionate to its purpose.

功能分析

Type: OpenClaw Skill Name: feishu-user Version: 1.0.1 The skill provides legitimate functionality for managing Feishu documents using user access tokens. All network communications are directed to official Feishu API endpoints (open.feishu.cn, accounts.feishu.cn). The `SKILL.md` instructions are clear and do not contain any prompt injection attempts or directives for the AI agent to perform unauthorized actions. The `feishu_client.py` script handles document operations, and `feishu_token.py` manages OAuth token acquisition and refresh, storing tokens in a standard user configuration file (`~/.config/claw-feishu-user/config.json`). While storing tokens locally carries inherent risk, and content parameters could theoretically be misused for content injection if untrusted input is provided, these are common considerations for such utilities and do not indicate malicious intent within the skill itself.

能力评估

✓ Purpose & Capability

Name/description (Feishu document operations) match the included code and SKILL.md. The files implement REST calls to Feishu Open API for reading/creating/updating document blocks and token management; nothing in the package asks for resources unrelated to Feishu.

✓ Instruction Scope

SKILL.md instructs the agent to call Feishu APIs, run the included token helper, and read a token cached at ~/.config/claw-feishu-user/config.json. All referenced files, paths, and network endpoints are consistent with the stated purpose; no instructions attempt to read unrelated system files or send data to non-Feishu endpoints.

✓ Install Mechanism

This is an instruction-only skill with two small Python scripts; dependencies are limited to the public requests package (installed via pip). There is no download-from-URL or archive extraction, and no installer that writes arbitrary binaries.

✓ Credentials

The skill does not declare or require environment variables, and it uses app_id/app_secret supplied at runtime (via CLI or parameters) which is appropriate for OAuth flows. It caches tokens to a user config file — expected for a token manager — and does not request unrelated secrets.

ℹ Persistence & Privilege

The skill writes token state to ~/.config/claw-feishu-user/config.json for caching (normal for a token helper). It does not request always:true nor modify other skills or system-wide settings. Users should be aware tokens are stored in plaintext under the user home directory.

版本历史

v1.0.1

- Updated English translation and formatting throughout documentation for clarity and consistency. - Improved section headings and example code readability. - Clarified steps for obtaining user access token and necessary Feishu platform permissions. - Minor corrections to parameter and variable names in code examples. - No changes in functionality or code; documentation update only.

v1.0.0

feishu-user 1.0.0 - Initial release of Feishu document operations using user access token authentication via REST API. - Provides functions to read, create, write, and append to Feishu documents, as well as block-level operations. - Offers both client-based usage and simple utility functions for document manipulation. - Includes detailed setup instructions for authentication, token management, and dependency installation. - Token auto-refresh supported through the included feishu_token.py script.

元数据

Slug feishu-user

版本 1.0.1

许可证 —

累计安装 2

当前安装数 2

历史版本数 2

常见问题

feishu-user 是什么？

Feishu document operations (User Access Token version). Use user access token for authentication. When you need to read, create, write, or append Feishu docu... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 901 次。

如何安装 feishu-user？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install feishu-user」即可一键安装，无需额外配置。

feishu-user 是免费的吗？

是的，feishu-user 完全免费（开源免费），可自由下载、安装和使用。

feishu-user 支持哪些平台？

feishu-user 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 feishu-user？

由 AIWareTop（@hacksing）开发并维护，当前版本 v1.0.1。

feishu-user