← 返回 Skills 市场
Lark Toolkit
作者
Pengxiao-Wang
· GitHub ↗
· v1.0.0
1072
总下载
0
收藏
4
当前安装
3
版本数
在 OpenClaw 中安装
/install lark-toolkit
功能描述
Comprehensive Lark/Feishu API skill for OpenClaw agents. Covers all Lark operations via three access paths: claw-lark plugin (message tool), MCP tools (mcpor...
使用说明 (SKILL.md)
Lark Toolkit
Prerequisites & Security
This skill is a documentation-only reference guide. It contains no executable code that accesses credentials automatically.
Required credentials (user-provided, never bundled):
- Lark App ID (
app_id) — from Lark Developer Console - Lark App Secret (
app_secret) — from the same console
How credentials are used:
- All API examples in SKILL.md use placeholders (
\x3CAPP_ID>,\x3CAPP_SECRET>,CHAT_ID, etc.) — no real secrets - The
scripts/get_token.shhelper obtains a temporarytenant_access_tokenfrom Lark's auth API. It reads credentials from (in order):- Command-line arguments
LARK_APP_ID/LARK_APP_SECRETenvironment variables~/.openclaw/openclaw.json(standard OpenClaw config, pathchannels.lark.accounts.default.appId/appSecret)
- The script prints the config source to stderr when falling back to the config file
- No credentials are hardcoded, cached to disk, logged, or transmitted beyond the single Lark auth API call
- The token is exported as
LARK_TOKENenv var for subsequent commands in the same shell session
Three Access Paths
| Need | Path | When |
|---|---|---|
| Send/receive messages | claw-lark plugin (message tool) | Basic text, media, reactions — simplest |
| Structured CRUD ops | MCP tools via mcporter | Bitable, calendar, docs, tasks, OKR — 38 tools |
| Everything else | Direct API (curl) | Contacts, member mgmt, anything MCP doesn't cover |
Rule: claw-lark first → MCP second → direct API as fallback.
Authentication (Direct API)
TOKEN=$(curl -s -X POST 'https://open.larksuite.com/open-apis/auth/v3/tenant_access_token/internal' \
-H 'Content-Type: application/json' \
-d '{"app_id":"\x3CAPP_ID>","app_secret":"\x3CAPP_SECRET>"}' \
| python3 -c "import sys,json; print(json.load(sys.stdin)['tenant_access_token'])")
Or use the helper: bash scripts/get_token.sh
Token validity: ~2 hours. Cache it.
API Base URLs
| Platform | API Base | Dev Console |
|---|---|---|
| Lark International | https://open.larksuite.com/open-apis/ |
https://open.larksuite.com/app |
| Feishu (China) | https://open.feishu.cn/open-apis/ |
https://open.feishu.cn/app |
⚠️ Lark ≠ Feishu. Always confirm which platform the tenant uses.
Common API Patterns
Send a Message
curl -X POST "https://open.larksuite.com/open-apis/im/v1/messages?receive_id_type=chat_id" \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
-d '{"receive_id":"CHAT_ID","msg_type":"text","content":"{\"text\":\"hello\"}"}'
Reply in Thread
curl -X POST "https://open.larksuite.com/open-apis/im/v1/messages/MSG_ID/reply" \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
-d '{"msg_type":"text","content":"{\"text\":\"reply\"}","reply_in_thread":true}'
Add Reaction
curl -X POST "https://open.larksuite.com/open-apis/im/v1/messages/MSG_ID/reactions" \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
-d '{"reaction_type":{"emoji_type":"THUMBSUP"}}'
Emoji types: THUMBSUP HEART LAUGH OK COOL FINGERHEART SMILE JIAYOU
List Department Users (MCP gap — direct API only)
# List root departments
curl -s -H "Authorization: Bearer $TOKEN" \
'https://open.larksuite.com/open-apis/contact/v3/departments?parent_department_id=0&page_size=50&fetch_child=true'
# List users in a department
curl -s -H "Authorization: Bearer $TOKEN" \
'https://open.larksuite.com/open-apis/contact/v3/users?department_id=\x3CDEPT_ID>&page_size=50'
Key fields: name, open_id, employee_type (1=regular, 2=intern), department_ids
Read Chat History
curl -s -H "Authorization: Bearer $TOKEN" \
'https://open.larksuite.com/open-apis/im/v1/messages?container_id_type=chat&container_id=\x3CCHAT_ID>&page_size=20&sort_type=ByCreateTimeDesc'
Add Bot to Group
curl -X POST "https://open.larksuite.com/open-apis/im/v1/chats/\x3CCHAT_ID>/members?member_id_type=app_id" \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
-d '{"id_list":["\x3CBOT_APP_ID>"]}'
MCP Tools (38 available)
mcporter call lark-mcp.\x3Ctool_name> key=value
Full catalog with parameters: references/mcp-tools.md
MCP Coverage
| Module | Key Tools |
|---|---|
| Bitable | create apps/tables, CRUD records, list fields |
| Calendar | create/get/patch events, free/busy, primary calendar |
| Docs | read content, search, import, set permissions |
| IM | create/list groups, get members, send messages, list history |
| OKR | batch get, list periods, CRUD progress, query reviews |
| Report | query rules/tasks, manage views |
| Task | create/patch tasks, add members/reminders |
| Wiki | search nodes, get node details |
| Contacts | batch get user IDs by email/phone |
MCP Gaps (use direct API)
- List users by department —
GET /contact/v3/users?department_id= - List departments —
GET /contact/v3/departments - Add/remove group members —
POST /im/v1/chats/{chat_id}/members - Send reactions —
POST /im/v1/messages/{msg_id}/reactions - Upload images/files —
POST /im/v1/images/POST /im/v1/files
Pagination
Most list APIs use cursor-based pagination:
?page_size=50&page_token=\x3Ctoken_from_previous_response>
Check has_more in response.
Error Handling
| Code | Meaning |
|---|---|
| 0 | Success |
| 99991663 | Token expired — refresh |
| 99991664 | Token invalid |
| 99991400 | Bad request |
| 99991403 | No permission — check app permissions |
Critical Pitfalls
- Lark ≠ Feishu — International uses
open.larksuite.com, China usesopen.feishu.cn - open_id is per-app — Same user has different open_id across different Lark apps
- Webhook 5s timeout — Return 200 immediately, process async
- Event dedup — Use
event_id(Lark retries up to 3x) - Bot-to-bot blind spot — Lark does NOT push Bot A's messages to Bot B's webhook
- Publishing required — Permission/event changes only take effect after publishing a new app version
- ngrok IPv6 trap — Use
127.0.0.1:PORTnotlocalhost:PORTin ngrok config - ngrok free domain — Returns interstitial HTML that Lark rejects. Use paid domain.
Detailed References
- Bot setup playbook: references/bot-setup.md
- API reference: references/api-reference.md
- MCP tools catalog: references/mcp-tools.md
- Webhook & tunnel: references/webhook-setup.md
- Troubleshooting: references/troubleshooting.md
- Permissions: references/permissions.md
安全使用建议
This skill is primarily documentation and examples for Lark/Feishu plus a small helper script to fetch tenant_access_token. Before using: (1) review scripts/get_token.sh — it will read LARK_APP_ID/LARK_APP_SECRET env vars or fallback to ~/.openclaw/openclaw.json and will export LARK_TOKEN in your shell; don't 'source' it blindly if you don't want it to read local config. (2) Prefer invoking the script with explicit app_id/app_secret arguments or set env vars rather than relying on the config-file fallback. (3) Ensure ~/.openclaw/openclaw.json is accessible only to trusted users (it may contain credentials for your OpenClaw channels). (4) The docs assume standard CLI tools (curl, python3, lsof, kill); run commands manually in a safe environment if you are unsure. (5) Verify whether your tenant uses open.larksuite.com or open.feishu.cn before making calls. Overall the package appears coherent with its stated purpose; no disproportionate credential or install demands were found.
功能分析
Type: OpenClaw Skill
Name: lark-toolkit
Version: 1.0.0
The skill bundle provides a comprehensive toolkit for Lark/Feishu API integration. The `SKILL.md` clearly states it's a documentation-only reference and does not automatically access credentials. The `scripts/get_token.sh` is the only executable file, and it transparently fetches a `tenant_access_token` from the legitimate Lark authentication API using credentials provided via command-line, environment variables, or the standard `~/.openclaw/openclaw.json` config. It does not log, store, or exfiltrate credentials beyond the single API call. All `curl` examples in the documentation use placeholders or the `$TOKEN` variable and show no signs of malicious execution or unauthorized data exfiltration. There are no prompt injection attempts or obfuscation found.
能力评估
Purpose & Capability
Name and description match the provided files: comprehensive Lark/Feishu docs, MCP tool catalog, and curl examples. The included helper script (get_token.sh) and references to claw-lark/MCP/direct API are appropriate for a Lark API toolkit.
Instruction Scope
SKILL.md is largely documentation and examples of curl/mcporter usage. One inconsistency: the top-level README says "documentation-only" and "no executable code that accesses credentials automatically," but the repository contains scripts/get_token.sh which will read env vars and (as a fallback) ~/.openclaw/openclaw.json and perform a network call to fetch a tenant_access_token. That helper behavior is expected for this purpose but is a functional script (not pure prose). The instructions reference shell utilities (curl, python3, lsof, kill) for troubleshooting — expected for webhook/debug guidance but assume standard CLI tools are present.
Install Mechanism
No install spec is present; this is instruction-only plus a small helper script. Nothing is downloaded or installed by the skill itself, so there is no install-time code-pull risk.
Credentials
The skill does not declare required env vars in registry metadata, but the documentation and get_token.sh legitimately require LARK_APP_ID and LARK_APP_SECRET (and will optionally use OPENCLAW_CONFIG or ~/.openclaw/openclaw.json). These credentials are proportional and necessary for Lark API calls. Minor caution: the helper prints the config file path when it falls back to the config file and will export LARK_TOKEN into the shell session; users should be aware of this behavior.
Persistence & Privilege
always:false and no install hooks; the skill does not request permanent system presence or modify other skills. Autonomous invocation by the model is allowed (platform default) but not elevated beyond normal skill behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install lark-toolkit - 安装完成后,直接呼叫该 Skill 的名称或使用
/lark-toolkit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: comprehensive Lark/Feishu API skill covering claw-lark plugin, MCP tools, and direct Open API paths
v1.2.0
Security transparency: explicit Prerequisites section declaring credential sources. Fixes ClawHub security flag.
v1.1.0
Comprehensive Lark/Feishu toolkit: auth, messaging, contacts, MCP tools catalog, bot setup, webhook, troubleshooting. 6 reference docs included.
元数据
常见问题
Lark Toolkit 是什么?
Comprehensive Lark/Feishu API skill for OpenClaw agents. Covers all Lark operations via three access paths: claw-lark plugin (message tool), MCP tools (mcpor... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1072 次。
如何安装 Lark Toolkit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install lark-toolkit」即可一键安装,无需额外配置。
Lark Toolkit 是免费的吗?
是的,Lark Toolkit 完全免费(开源免费),可自由下载、安装和使用。
Lark Toolkit 支持哪些平台?
Lark Toolkit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Lark Toolkit?
由 Pengxiao-Wang(@pengxiao-wang)开发并维护,当前版本 v1.0.0。
推荐 Skills