← Back to Skills Marketplace
Feishu Send Message
by
pikaqiuyaya
· GitHub ↗
· v5.0.0
· MIT-0
196
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install feishu-auto-report
Description
自动从本地配置获取飞书凭证,支持多Agent独立身份向指定open_id或chat_id发送文本消息汇报任务结果。
README (SKILL.md)
Feishu Auto-Report Skill - 飞书自主汇报技能
name: Feishu Auto-Report - 飞书自主汇报 description: 专为多 Agent 协作设计。Agent 完成任务后自主调用本技能向用户汇报结果,显示独立机器人身份。零配置,Agent 启动时自动扫描使用,无需手动配置飞书凭证。 descriptionEn: Designed for multi-agent collaboration scenarios. After completing tasks, agents independently call this skill to report results to users with independent robot identity. Zero configuration, agents automatically scan and use it without manual Feishu credential configuration. version: 5.0.0 author: pikaqiuyaya license: MIT tags:
- feishu
- auto-report
- multi-agent
- notification
- zh-CN
- 飞书
- 自主汇报
- 多 Agent
- 零配置 language: zh-CN
Feishu Auto-Report Skill - 飞书自主汇报技能
设计目标
在多 Agent 协作架构中,执行 Agent(Agent-B/C)完成任务后需要向用户汇报结果。本技能提供零配置的消息发送能力,让每个 Agent 以自己的身份独立发送通知,无需 Agent-A 转发。
技术实现
通过飞书开放平台的 Internal App 凭证获取 tenant_access_token,调用飞书消息 API 发送文本消息。支持 open_id(私聊)和 chat_id(群聊)两种接收者类型,确保消息精准触达。
配置依赖
技能自动从以下配置文件读取飞书凭证(无需手动配置):
~/.openclaw/openclaw-{agentId}.json
Agent 启动时会自动扫描该路径下的配置文件,读取 channels.feishu.appId 和 channels.feishu.appSecret 字段完成鉴权。
API 调用流程
# 1. 获取租户级访问令牌
POST https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal/
Headers: Content-Type: application/json
Body: {"app_id": "xxx", "app_secret": "xxx"}
# 2. 发送文本消息
POST https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type={idType}
Headers:
Authorization: Bearer {tenant_access_token}
Content-Type: application/json
Body: {
"receive_id": "{targetId}",
"msg_type": "text",
"content": "{\"text\":\"{messageContent}\"}"
}
脚本参数
| 参数 | 说明 | 示例 |
|---|---|---|
| agentId | Agent 标识 | agent-b |
| targetId | 接收者 ID | ou_xxx 或 oc_xxx |
| idType | ID 类型 | open_id / chat_id |
| content | 消息内容 | 任务已完成 |
与 setup-multi-gateway 配合
- Agent-A 接收用户指令
- Agent-A 通过 sessions_send 派发任务
- Agent-B/C 执行任务
- Agent-B/C 自主调用本技能汇报
- 用户收到对应 Agent 的通知
注意事项
- open_id 是应用隔离的,每个 Agent 使用自己的 open_id
- chat_id 是通用的,跨 Agent 共享
- content 必须是转义的 JSON 字符串
Usage Guidance
Before installing: (1) confirm you trust the skill author—this script will read per-agent Feishu appId/appSecret from ~/.openclaw/openclaw-{agent}.json and use them to send messages; (2) be aware agents can send arbitrary message content so the skill could be used to exfiltrate data if an agent is malicious or misconfigured; (3) ensure curl and jq are present or the script will fail (these are not declared as requirements); (4) consider restricting where credentials are stored, or review the contents of the config files and the send.sh script, and require explicit consent before allowing automatic scanning/sending in your environment.
Capability Analysis
Type: OpenClaw Skill
Name: feishu-auto-report
Version: 5.0.0
The skill is designed to send Feishu notifications but contains significant security vulnerabilities in 'send.sh'. Specifically, the script is vulnerable to path traversal because it uses the 'agentId' parameter to construct a file path ($HOME/.openclaw/openclaw-${AGENT}.json) without any sanitization. Additionally, the script lacks proper shell escaping for the 'MESSAGE' variable when constructing the JSON payload for 'curl', which could lead to injection attacks. While the script correctly targets the official Feishu API (open.feishu.cn), these implementation flaws allow for potential unauthorized access to other configuration files or malformed execution.
Capability Assessment
Purpose & Capability
The skill's code and SKILL.md align with the stated purpose: it reads per-agent OpenClaw config (~/.openclaw/openclaw-{agentId}.json) to extract channels.feishu.appId and appSecret and then calls Feishu APIs to send messages. However, registry metadata lists no required binaries/env vars though the script depends on curl and jq; _meta.json version also mismatches SKILL.md version—these are coherence issues.
Instruction Scope
Instructions and send.sh direct the agent to automatically scan a home-directory config path and use the appSecret to obtain tenant tokens and send arbitrary message text. That is consistent with a messaging skill, but it also means an agent can send any data (including sensitive local data) out via Feishu if invoked with crafted content. The SKILL.md gives broad, automatic scanning behavior ('zero configuration, automatically scan and use'), which increases the risk surface because credentials are read without an explicit interactive configuration step.
Install Mechanism
No install spec (instruction-only + script), so nothing is written by an installer. The included send.sh will execute network requests. The manifest does not declare dependencies (curl, jq) required at runtime—this omission is an implementation gap but not itself malicious.
Credentials
No environment variables are requested; instead the skill reads a local config file for appId/appSecret. Reading those Feishu credentials is proportionate to the stated goal (sending messages), but the practice of auto-scanning home-directory config files can lead to unexpected credential usage if users have multiple agent configs or store other secrets in the same path.
Persistence & Privilege
always:false and no install-time persistence. The skill does not request elevated platform privileges or attempt to modify other skills or system settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install feishu-auto-report - After installation, invoke the skill by name or use
/feishu-auto-report - Provide required inputs per the skill's parameter spec and get structured output
Version History
v5.0.0
更新 SKILL.md 为官方版本,包含完整的 frontmatter 元数据和技术文档
v2.0.1
更新 README.md 为官方版本,优化技能描述和用法说明
v2.0.0
飞书自主汇报技能,专为多 Agent 协作设计,零配置自动适配
v1.0.0
Initial release of Feishu Send Message skill for multi-agent collaboration:
- Enables agents to send Feishu messages to users or groups with independent robot identities.
- Zero configuration: Agents auto-scan and use skill at startup.
- Supports both private (open_id) and group (chat_id) message sending.
- Credentials automatically read from agent-specific config files.
- Designed for seamless integration in multi-agent task workflows.
Metadata
Frequently Asked Questions
What is Feishu Send Message?
自动从本地配置获取飞书凭证,支持多Agent独立身份向指定open_id或chat_id发送文本消息汇报任务结果。 It is an AI Agent Skill for Claude Code / OpenClaw, with 196 downloads so far.
How do I install Feishu Send Message?
Run "/install feishu-auto-report" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Feishu Send Message free?
Yes, Feishu Send Message is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Feishu Send Message support?
Feishu Send Message is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Feishu Send Message?
It is built and maintained by pikaqiuyaya (@pikaqiuyaya); the current version is v5.0.0.
More Skills