claude-feishu-channel
skill
Fail
Health Warn
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 9 GitHub stars
Code Fail
- execSync — Synchronous shell command execution in daemon.ts
- process.env — Environment variable access in daemon.ts
- fs module — File system access in daemon.ts
- network request — Outbound network request in daemon.ts
- process.env — Environment variable access in email-worker.ts
- network request — Outbound network request in email-worker.ts
- execSync — Synchronous shell command execution in project-lock.ts
- process.env — Environment variable access in project-lock.ts
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool acts as a bridge connecting the Claude Code CLI to Feishu (Lark) and email, allowing users to manage autonomous digital employees, monitor ongoing AI sessions, and approve permissions via a chat interface.
Security Assessment
The overall security risk is rated as High. The scan detected multiple instances of synchronous shell command execution (`execSync`) within the codebase, specifically in `daemon.ts` and `project-lock.ts`. If an attacker successfully injects a malicious prompt or compromises an incoming message, these synchronous executions could allow arbitrary command execution on the host server. Additionally, the tool requires outbound network requests, file system access, and environment variable access to facilitate its core messaging and monitoring functions. While no hardcoded secrets or explicitly dangerous permissions were found, the execution flaws pose a significant threat.
Quality Assessment
The project is very new and currently has low community visibility with only 9 GitHub stars, meaning it has not been broadly tested or vetted by a wide audience. However, the repository is under active development (last push was today), and the code is legally unencumbered under the standard MIT license. The README is comprehensive and clearly documents the tool's constraints, noting that the underlying Claude channel feature is not yet fully public.
Verdict
Use with caution — the tool is highly useful for remote AI management but poses significant security risks due to its use of `execSync`.
This tool acts as a bridge connecting the Claude Code CLI to Feishu (Lark) and email, allowing users to manage autonomous digital employees, monitor ongoing AI sessions, and approve permissions via a chat interface.
Security Assessment
The overall security risk is rated as High. The scan detected multiple instances of synchronous shell command execution (`execSync`) within the codebase, specifically in `daemon.ts` and `project-lock.ts`. If an attacker successfully injects a malicious prompt or compromises an incoming message, these synchronous executions could allow arbitrary command execution on the host server. Additionally, the tool requires outbound network requests, file system access, and environment variable access to facilitate its core messaging and monitoring functions. While no hardcoded secrets or explicitly dangerous permissions were found, the execution flaws pose a significant threat.
Quality Assessment
The project is very new and currently has low community visibility with only 9 GitHub stars, meaning it has not been broadly tested or vetted by a wide audience. However, the repository is under active development (last push was today), and the code is legally unencumbered under the standard MIT license. The README is comprehensive and clearly documents the tool's constraints, noting that the underlying Claude channel feature is not yet fully public.
Verdict
Use with caution — the tool is highly useful for remote AI management but poses significant security risks due to its use of `execSync`.
一人公司最佳实践,不止是claude的飞书channel,更是你的带领数字员工的管理工具
README.md
English | 中文
夜航星 (Lodestar)
飞书 (Lark) 频道插件,用于 Claude Code — 在飞书群里和 Claude 协作,会话持久化、多项目并行、7×24 可用。
⚠️ 当前限制:Claude Code 的 channel 功能(
--channels)尚未正式开放,目前仅 Anthropic 订阅用户(Claude Pro / Max / Team / Enterprise)可用。使用第三方 API 或未登录 Anthropic 账号的环境暂时无法使用本插件。我们正在等待官方正式开放此功能。详见 官方 Channels 文档。
核心功能
- Markdown 卡片渲染 — 标题、列表、代码块自动转为飞书富文本卡片,手机桌面都好看
- 实时反馈 — 👌→✅ 表情追踪消息进度,Claude 的工作输出实时转发到群里
- 权限审批卡片 — 一键批准或拒绝,群里点按钮就能远程授权
- 图片与文件双向传输 — 截图发给 Claude 分析,Claude 也能把生成的文件传回群里
- 会话管理 — 发
hi自动开工,restart/kill/clear随时管控,菜单和进展实时推送 - 邮件通道 — 给协作者一个受控入口:白名单准入、预算上限、权限隔离
- 状态仪表盘 — 赛博朋克风格监控面板,所有会话的状态、用量、队列一目了然
- 可靠性保障 — 断线自动重连、崩溃检测通知、过期消息丢弃,7×24 无人值守
- 最佳实践 —
cc一键启动、VS Code SSH 远程审阅、飞书+终端+邮件多入口协作
安装
给人类看
把下面这段话粘贴到你的 Claude Code 会话里,让 Agent 帮你装:
Install and configure the Lodestar (夜航星) Feishu channel plugin by following the instructions here:
https://raw.githubusercontent.com/leviyuan/claude-feishu-channel/main/docs/installation.md
或者自己看 安装指南 → 手动操作。
给 Agent 看
curl -fsSL https://raw.githubusercontent.com/leviyuan/claude-feishu-channel/main/docs/installation.md
详见 Agent 安装指南。
文档
许可证
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found