Security Scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill's code does what it says (gets an app token and posts to Feishu), but the registry metadata fails to declare that it reads appId/appSecret from an openclaw.json file (default /root/.openclaw/openclaw.json). Before installing: (1) confirm where your Feishu app credentials are stored and whether you want this skill to read that file; (2) ensure the openclaw.json file permissions are restrictive and that you trust the skill's origin; (3) be aware the script caches the app token in /tmp (...
⚠ Purpose and capabilities
The skill's purpose (send Feishu messages as the app) matches the included script. However the registry metadata declares no required credentials or config paths while SKILL.md and the script read appId and appSecret from openclaw.json (default /root/.openclaw/openclaw.json). The omission in metadata is an inconsistency that could hide sensitive file access.
⚠ Instruction scope
SKILL.md and scripts instruct the agent to read credentials from openclaw.json, call Feishu API endpoints, and cache an app token in /tmp/feishu_app_token.cache. The instructions stay within the Feishu API domain, but they reference and read a local config file that was not declared in the registry, which expands scope beyond what's advertised.
✓ Install mechanism
No install spec; this is an instruction-only skill with a small included shell script. Nothing is downloaded or written during install beyond the script itself.
⚠ Credential requirements
Registry lists no required environment variables or primary credential, yet the script requires appId/appSecret (read from openclaw.json) and supports optional FEISHU_* env vars for convenience. Requesting access to local stored credentials without declaring them is disproportionate to the metadata and should be justified.
✓ Persistence and privileges
The skill is not marked always:true and does not modify other skills. It writes a cached app token to /tmp/feishu_app_token.cache (temporary, potentially world-readable) but otherwise does not request persistent elevated privileges.
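Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/25
● Harmless
Install command
Official: npx clawhub@latest install feishu-send-message-as-app
Mirror (accelerated): npx clawhub@latest install feishu-send-message-as-app --registry https://cn.longxiaskill.com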