feishu-interactive-cards

Review·Scanned 2/18/2026

This skill creates and sends interactive Feishu (Lark) cards and runs a long-polling callback server. It reads ~/.openclaw/openclaw.json and env vars like FEISHU_APP_ID/FEISHU_APP_SECRET, makes network calls to https://open.feishu.cn/open-apis/... and instructs executing node card-callback-server.js.

from clawhub.ai·v1.0.2·119.2 KB·0 installs
Scanned from 1.0.2 at 92eb945 · Transparency log ↗
$ vett add clawhub.ai/leecyang/feishu-interactive-cardsReview findings below

🎴 Feishu Interactive Cards

Create and send interactive cards to Feishu (Lark) with buttons, forms, polls, and rich UI elements. Use when replying to Feishu messages and there is ANY uncertainty - send an interactive card instead of plain text to let users choose via buttons.

✨ Features

  • 🎯 Interactive Buttons - Let users respond with clicks instead of typing
  • 📝 Forms & Inputs - Collect structured data easily
  • 📊 Polls & Surveys - Quick voting and feedback
  • Todo Lists - Task management with checkboxes
  • 🔄 Auto Callbacks - Long-polling mode (no public IP needed)
  • 🔒 Security First - Built-in input validation and safe APIs

🚀 Quick Start

1. Install

clawhub install feishu-interactive-cards

2. Start Callback Server

cd ~/.openclaw/skills/feishu-interactive-cards/scripts
node card-callback-server.js

3. Send Your First Card

node scripts/send-card.js confirmation "Confirm delete file?" --chat-id oc_xxx

📚 Documentation

See SKILL.md for complete documentation including:

  • Card templates and examples
  • Callback handling patterns
  • Security best practices
  • Integration guide

🔒 Security

Version 1.0.2 includes critical security fixes:

  • ✅ Fixed command injection vulnerability (v1.0.1)
  • ✅ Fixed arbitrary file read vulnerability (v1.0.2)
  • ✅ Safe file operations using Node.js APIs
  • ✅ Path validation and sanitization
  • ✅ Template file restrictions (only allowed directories)
  • ✅ Comprehensive security documentation

See references/security-best-practices.md for details.

📦 What's Included

feishu-interactive-cards/
├── SKILL.md                    # Main documentation
├── CHANGELOG.md                # Version history
├── examples/                   # Card templates
│   ├── confirmation-card.json
│   ├── todo-card.json
│   ├── poll-card.json
│   └── form-card.json
├── scripts/                    # Helper scripts
│   ├── card-callback-server.js
│   └── send-card.js
└── references/                 # Guides
    ├── gateway-integration.md
    ├── card-design-guide.md
    └── security-best-practices.md

🤝 Contributing

Contributions welcome! Please ensure:

  • All user input is validated
  • No shell command injection vulnerabilities
  • Security best practices are followed

📄 License

MIT

🔗 Links