This skill helps you manage Feishu document and folder permissions by listing, adding, or removing collaborators for shared files and folders.

npx playbooks add skill openclaw/openclaw --skill feishu-perm

SKILL.md
---
name: feishu-perm
description: |
  Feishu permission management for documents and files. Activate when user mentions sharing, permissions, collaborators.
---

# Feishu Permission Tool

Single tool `feishu_perm` for managing file/document permissions.

## Actions

### List Collaborators

```json
{ "action": "list", "token": "ABC123", "type": "docx" }
```

Returns: members with member_type, member_id, perm, name.

### Add Collaborator

```json
{
  "action": "add",
  "token": "ABC123",
  "type": "docx",
  "member_type": "email",
  "member_id": "[email protected]",
  "perm": "edit"
}
```

### Remove Collaborator

```json
{
  "action": "remove",
  "token": "ABC123",
  "type": "docx",
  "member_type": "email",
  "member_id": "[email protected]"
}
```

## Token Types

| Type       | Description             |
| ---------- | ----------------------- |
| `doc`      | Old format document     |
| `docx`     | New format document     |
| `sheet`    | Spreadsheet             |
| `bitable`  | Multi-dimensional table |
| `folder`   | Folder                  |
| `file`     | Uploaded file           |
| `wiki`     | Wiki node               |
| `mindnote` | Mind map                |

## Member Types

| Type               | Description        |
| ------------------ | ------------------ |
| `email`            | Email address      |
| `openid`           | User open_id       |
| `userid`           | User user_id       |
| `unionid`          | User union_id      |
| `openchat`         | Group chat open_id |
| `opendepartmentid` | Department open_id |

## Permission Levels

| Perm          | Description                          |
| ------------- | ------------------------------------ |
| `view`        | View only                            |
| `edit`        | Can edit                             |
| `full_access` | Full access (can manage permissions) |

## Examples

Share document with email:

```json
{
  "action": "add",
  "token": "doxcnXXX",
  "type": "docx",
  "member_type": "email",
  "member_id": "[email protected]",
  "perm": "edit"
}
```

Share folder with group:

```json
{
  "action": "add",
  "token": "fldcnXXX",
  "type": "folder",
  "member_type": "openchat",
  "member_id": "oc_xxx",
  "perm": "view"
}
```

## Configuration

```yaml
channels:
  feishu:
    tools:
      perm: true # default: false (disabled)
```

**Note:** This tool is disabled by default because permission management is a sensitive operation. Enable explicitly if needed.

## Permissions

Required: `drive:permission`

Overview

This skill manages Feishu document and file permissions to list, add, and remove collaborators across documents, folders, sheets, wikis, and other Feishu token types. It is designed for secure, auditable sharing workflows and requires explicit enablement due to the sensitive nature of permission changes. Use it to automate collaborator updates, verify current access, and enforce sharing policies.

How this skill works

The tool accepts structured actions (list, add, remove) with a Feishu token and type (doc, docx, sheet, folder, file, wiki, mindnote, bitable). Add and remove take member_type (email, openid, userid, unionid, openchat, opendepartmentid) and member_id; add also takes perm (view, edit, full_access). The list action returns current collaborators with member_type, member_id, perm, and name. Calls require the drive:permission scope, and the feature must be enabled in configuration.

When to use it

  • You need to verify who currently has access to a specific Feishu resource.
  • You want to grant edit or view rights to a user, group, or department programmatically.
  • You must revoke access from an individual or group after a role change or offboarding.
  • You are automating bulk sharing for project onboarding or removing access during offboarding.
  • You are auditing permissions before publishing or distributing sensitive files.

Best practices

  • Enable the permission tool only when necessary and audit usage regularly.
  • Prefer least-privilege perms (view or edit) and reserve full_access for administrators.
  • Use member types that map to stable identifiers (userid, openid, unionid) when possible to avoid broken email mappings.
  • Log every change with the acting account, reason, and timestamp for compliance.
  • Test changes on a non-production token or sandbox before applying to shared team folders.
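
One way to gate requests before they reach `feishu_perm`, following the practices above (an added example, not OpenClaw's code). The allowed values are those in the tables on this page; `checkPermRequest`, `auditEntry`, the `allowFullAccess` policy flag and the audit record shape are assumptions.

```javascript
// Added example, not OpenClaw code. Allowed values come from the tables on this
// page; the policy flag, warning texts and audit record shape are assumptions.
const TOKEN_TYPES = ["doc", "docx", "sheet", "bitable", "folder", "file", "wiki", "mindnote"];
const MEMBER_TYPES = ["email", "openid", "userid", "unionid", "openchat", "opendepartmentid"];
const PERMS = ["view", "edit", "full_access"];

function checkPermRequest(req, policy = {}) {
  const errors = [], warnings = [];
  const mutating = req.action === "add" || req.action === "remove";
  if (!mutating && req.action !== "list") errors.push("unknown action");
  if (typeof req.token !== "string" || req.token === "") errors.push("token required");
  if (!TOKEN_TYPES.includes(req.type)) errors.push("unknown type");
  if (mutating) {
    if (!MEMBER_TYPES.includes(req.member_type)) errors.push("unknown member_type");
    if (typeof req.member_id !== "string" || req.member_id === "") errors.push("member_id required");
  }
  if (req.action === "add") {
    if (!PERMS.includes(req.perm)) errors.push("unknown perm");
    // Least privilege: full_access lets the member manage permissions.
    if (req.perm === "full_access" && !policy.allowFullAccess)
      errors.push("full_access not approved by policy");
    if (req.member_type === "email")
      warnings.push("email grant: prefer userid/openid/unionid");
    // A chat or department grant covers every member of that group.
    if (["openchat", "opendepartmentid"].includes(req.member_type) && req.perm !== "view")
      warnings.push("group or department grant above view");
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Build the audit entry for every attempted request, allowed or not.
function auditEntry(req, actor, reason, policy = {}, now = new Date()) {
  const verdict = checkPermRequest(req, policy);
  if (req.action !== "list" && (!actor || !reason)) {
    verdict.ok = false;
    verdict.errors.push("actor and reason required for changes");
  }
  return { ts: now.toISOString(), actor, reason, request: req, ...verdict };
}

// Constructed sample requests (tokens and ids are placeholders).
const samples = [
  { action: "add", token: "fldcnXXX", type: "folder", member_type: "openchat", member_id: "oc_xxx", perm: "edit" },
  { action: "add", token: "doxcnXXX", type: "docx", member_type: "userid", member_id: "u_placeholder", perm: "full_access" },
];
for (const s of samples) console.log(JSON.stringify(auditEntry(s, "ops-bot", "project onboarding")));
```

Only forward a request to the tool when `ok` is true, and write the entry to the audit log in either case.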

Example use cases

  • List collaborators on a new project doc to confirm invited stakeholders before starting work.
  • Add an external consultant via email with edit permission for a contract document.
  • Remove an ex-employee by userid from shared folders and linked docs during offboarding.
  • Share a read-only release folder with a cross-team openchat group using openchat member_type.
  • Bulk-update a spreadsheet’s collaborators to change edit rights to view-only before archival.
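
The offboarding and pre-distribution checks above can be driven from `list` output. This added example (not OpenClaw's code) assumes the result is an array of objects carrying the four fields the page names; `reconcile`, the approved map and the sample members are hypothetical.

```javascript
// Added example, not OpenClaw code. Assumes the list result is an array of
// { member_type, member_id, perm, name } objects (the fields named on this page).
const RANK = { view: 1, edit: 2, full_access: 3 };
const keyOf = (m) => `${m.member_type}:${m.member_id}`;

// approved: Map of "member_type:member_id" -> highest perm that member may hold.
function reconcile(resource, members, approved) {
  const findings = [];
  const requests = [];
  for (const m of members) {
    const allowed = approved.get(keyOf(m));
    if (allowed === undefined) {
      findings.push({ key: keyOf(m), name: m.name, issue: "not approved" });
      // Unapproved members become remove requests in the page's request format.
      requests.push({ action: "remove", token: resource.token, type: resource.type,
                      member_type: m.member_type, member_id: m.member_id });
    } else if ((RANK[m.perm] ?? Infinity) > RANK[allowed]) {
      // Flag only: how to downgrade a grant is not described on this page.
      findings.push({ key: keyOf(m), name: m.name, issue: `has ${m.perm}, approved ${allowed}` });
    }
  }
  const present = new Set(members.map(keyOf));
  for (const key of approved.keys())
    if (!present.has(key)) findings.push({ key, issue: "approved but missing" });
  return { findings, requests };
}

// Constructed sample data (ids and names are placeholders).
const sampleResource = { token: "fldcnXXX", type: "folder" };
const sampleMembers = [
  { member_type: "userid", member_id: "u_alice", perm: "edit", name: "Alice" },
  { member_type: "userid", member_id: "u_former", perm: "edit", name: "Former employee" },
  { member_type: "openchat", member_id: "oc_xxx", perm: "full_access", name: "Project chat" },
];
const sampleApproved = new Map([
  ["userid:u_alice", "edit"],
  ["openchat:oc_xxx", "view"],
  ["userid:u_bob", "view"],
]);
console.log(JSON.stringify(reconcile(sampleResource, sampleMembers, sampleApproved), null, 2));
```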

FAQ

What permission scope is required?

The tool requires the drive:permission scope to manage and read permissions.

Which token types are supported?

Supported token types include doc, docx, sheet, bitable, folder, file, wiki, and mindnote.