📦 Feishu Recall — 撤回群消息

v1.0.0

一键撤回飞书群聊或单聊消息：群主/管理员可撤回任意成员消息，普通成员仅能撤回自己消息，支持单条、批量及按时间范围撤回，触发词：撤回消息、recall message、删除群消息、recall、撤回。

0· 67·1 当前·1 累计

by @tz826 (koen)

自动化 API工具

下载技能包

最后更新

2026/3/28

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

high confidence

The skill's instructions require a user OAuth token and message-deletion privileges but the published metadata declares no credentials or environment requirements, creating an incoherence and a potential for misuse (bulk deletion).

评估建议

This skill's behavior (deleting Feishu messages) requires a user's OAuth token and the im:message permission, but the published metadata does not declare any required credentials — that's an incoherence you should not ignore. Before installing or using it: 1) confirm the skill's source and trustworthiness (there's no homepage or known owner contact); 2) require the publisher to declare which credential the agent will use (e.g., a named primaryEnv like FEISHU_OAUTH_TOKEN) and limit scope to the m...

详细分析 ▾

⚠ 用途与能力

The described purpose (recall/delete Feishu messages) matches the runtime actions (get_messages + delete). However the SKILL.md explicitly requires a user's OAuth token and the im:message scope, but the skill metadata lists no required credentials or primaryEnv. That mismatch is unexplained and disproportionate.

ℹ 指令范围

Instructions stay within the stated task (single, batch, time-range deletes) and do not ask to read unrelated files or external endpoints. However they permit bulk deletion across time ranges and instruct iterating through messages to delete — a legitimate capability but with high abuse potential if misused or if admin privileges are granted broadly.

✓ 安装机制

No install spec or code files are present; this is instruction-only so nothing is written to disk. Low install risk.

⚠ 凭证需求

The runtime text requires a user OAuth token and the im:message scope, but the skill declares no required environment variables, secrets, or primary credential. That omission is a meaningful inconsistency: deleting user messages requires sensitive credentials but none are declared.

✓ 持久化与权限

always is false and there is no install or persistent configuration. The skill does not request permanent presence or modify other skills; standard autonomous invocation applies.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/28

初始版本：支持以用户身份撤回飞书群消息，单条/批量/时间范围撤回

● 无害

安装命令

点击复制

官方npx clawhub@latest install feishu-recall-message

镜像加速npx clawhub@latest install feishu-recall-message --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库