Skills
Feishu Drive skill review: file ops for sales, untested
feishu-drive is a narrowly scoped Feishu cloud storage connector with solid security (99/100) but zero installs and no user ratings. Core limitation: Feishu bots cannot access root folders, requiring manual setup by users first.
A skill in Claude Code is a structured extension that grants agents direct access to external tools and APIs without hardcoding credentials or polling loops. The feishu-drive skill packaged at agentskill.sh by openclaw is one such extension, designed to let agents list, create, move, and delete files within Feishu cloud storage. Before adopting it, assess whether it solves a real problem and whether its current maturity level justifies the integration overhead.
Marketplace standing and risk profile
| Metric | Value | Context |
|---|---|---|
| Installs | 0 | Never deployed on agentskill.sh; no real-world usage data |
| User rating | 0/5 (0 votes) | No user feedback; cannot assess reliability claims |
| Security score | 99/100 | Codebase vetted; no known vulnerabilities |
| Content quality | 75/100 | Functional documentation present; scope is narrow |
| Upstream GitHub stars | 374,232 | Feishu itself is mature; this is the integrator, not the platform |
| Last update | 2026-06-15 | Freshness is not a concern if the API is stable |
The zero-installs metric is the loudest signal. It means no one on the agentskill marketplace has trusted this skill with production workloads. The 99/100 security score suggests the code has been scanned and passes basic hygiene, but security alone does not guarantee functionality. A skill can be non-exploitable and still be broken. With zero ratings, there is no user-driven confidence anchor.
What the skill claims to do
The SKILL.md declares feishu-drive as a single tool for cloud storage operations with activation triggers when users mention “cloud space,” “folders,” or “drive.” It is categorized as a sales capability, with secondary tags for support and operations.
The skill implements five core actions:
- List folder contents (root or by folder_token)
- Get file info (by file_token and type)
- Create folder (in root or within a parent folder)
- Move file (to a target folder_token)
- Delete file
Supported file types span Feishu’s native formats: doc, docx, sheet, bitable, folder, mindnote, shortcut, and generic file uploads. Token extraction follows Feishu’s URL pattern, pulling an identifier from paths like https://xxx.feishu.cn/drive/folder/ABC123.
Configuration is minimal. Add drive: true under channels.feishu.tools in your agent config, enable one of two permission scopes (full or read-only), and the agent can begin sending JSON action payloads.
Installation and platform constraints
On Claude Code, you would install this skill by registering the SKILL.md manifest at .claude/skills/openclaw/feishu-drive/SKILL.md and linking your Feishu tenant credentials via OAuth or token. The marketplace listing is at https://agentskill.sh/openclaw/feishu-drive.
This skill is marked as platform-agnostic (“openclaw”), meaning it should work across any Claude Code environment that supports the agentskill.sh registry. However, zero real deployments mean no one has tested cross-platform behavior, edge cases, or rate limit handling in production Feishu environments.
Capability comparison: Feishu-drive versus alternatives
| Aspect | feishu-drive | Generic REST API wrapper | Native Feishu bot SDK |
|---|---|---|---|
| Activation trigger | Voice/text mention | Manual tool routing | Manual event binding |
| Scope | 5 file operations | Unlimited (user builds it) | 100+ Feishu APIs |
| Setup friction | Marketplace install | Write code, vet security | Feishu developer console |
| Permission model | 2 presets (full/readonly) | Custom (build yourself) | Feishu’s scoping rules |
| Community validation | 0 installs | Varies | High (native tool) |
| Learning curve | Low (JSON config) | Medium (REST logic) | Medium (Feishu idioms) |
For agents that need file operations within Feishu, feishu-drive is positioned as the low-friction choice. You do not write REST code; you invoke actions. But that convenience comes at the cost of flexibility: you are bound to the five actions the skill author chose to expose. If you need Feishu’s AI capabilities, document generation, or email integration, this skill will not help.
Alternatively, if your agents are cloud-agnostic and serve users across platforms, a generic S3, Google Drive, or OneDrive connector offers broader utility and higher install counts on agentskill.sh, signaling more tested code paths.
Known limitations and gotchas
The SKILL.md explicitly warns of one critical constraint: “Feishu bots have no root folder.” Bots authenticate via tenant_access_token and do not have a personal “My Space.” This means:
- Calling
create_folderwithout afolder_tokenreturns a 400 error. - The bot can only access folders that users have manually created and explicitly shared with the bot.
- The workaround requires user friction: each team must set up a shared folder first, then the agent can operate within it.
This is not a bug in the skill; it is a hard boundary in Feishu’s permissions model. But it is rarely disclosed in sales pitches. If you are deploying this for support teams or sales reps who expect “just give the agent access to my drive,” you will disappoint them. They must first create a shared folder in Feishu and configure the bot as a member.
A second hidden friction point: the info action searches for files only in the root or a specified folder. It does not search the entire Feishu workspace. If a file exists but you do not know its folder_token, you must first call list to explore the tree, increasing API calls and latency.
Third, the skill’s trigger description (“mentions cloud space, folders, drive”) is vague. Natural language routing is fragile. An agent asked “move the Q3 review doc to shared drive” might not trigger the skill if the language falls outside the author’s training set. Without user ratings or deployment logs, there is no evidence that the activation heuristic works at scale.
Security and permissions
The skill supports two permission scopes:
drive:drive: Full write access (create, move, delete).drive:drive:readonly: Read-only (list, info).
These map to Feishu’s coarse-grained permission model. There is no row-level or folder-level access control baked into the skill itself. If you grant an agent drive:drive, it can delete any folder the authenticated user can reach. For sales teams, this is risky if multiple agents or users share the same token. Fine-grained control requires Feishu’s own permission UI.
The security score of 99/100 suggests the code has no obvious injection vulnerabilities, but it does not validate that the permission model is adequate for your threat model.
When to use this skill
Use feishu-drive if:
- Your team is already deep in Feishu and needs agents to organize or retrieve documents.
- You want a low-code integration without building a REST wrapper.
- Your use case is read-heavy (list, info) and does not require root folder writes.
- Your security boundary allows a single bot token to manage multiple folders.
Skip feishu-drive if:
- You need cloud-agnostic file operations across Feishu, Google Drive, and S3.
- Your team expects agents to create folders at the root level without user setup.
- You need full-text search or AI document summarization (out of scope).
- Zero installs and no user ratings concern you; you want battle-tested code.
Takeaways
The feishu-drive skill is a functionally sound but unproven integration. Its 99/100 security score and clear documentation suggest the author invested in quality, but zero installs and zero ratings mean it has never been validated in production. The root folder limitation is a breaking constraint for many use cases and is not highlighted prominently enough in the marketing description. For Feishu-native teams with simple file operations and tolerance for some user setup friction, it is worth a pilot. For organizations seeking a general-purpose file API, a more widely deployed skill or a custom REST wrapper is safer.
The skill’s category as “sales” is appropriate if your reps use Feishu to store proposal templates or client docs, but the broad trigger language suggests the author intended it for any file-centric workflow. That ambiguity, paired with zero deployment evidence, makes it a cautious choice.
Further reading
- agentskill.sh feishu-drive listing - Official skill marketplace entry and feedback mechanism.
- Feishu Drive API documentation - Canonical reference for Feishu’s file and folder operations.
- Claude Code skills overview - How skills extend Claude Code agent capabilities.
- agentskill.sh security and content standards - Scoring rubric and vetting process for skills.
- Feishu bot permissions - Root cause of the no-root-folder limitation and workarounds.
Frequently asked
What does the feishu-drive skill do?
It integrates Feishu cloud storage into Claude Code agents, enabling list, create, move, and delete operations on folders and files. Activation triggers when users mention cloud space, folders, or drive.
Why is this skill marked as having zero installs?
The skill was last updated in June 2026 and has never been installed on agentskill.sh. With no installs and zero ratings, there is no community validation of its functionality or reliability at scale.
What is the main bot limitation?
Feishu bots do not have a root folder. They can only access folders that users manually create and share with them first. Attempting to create a folder without specifying a folder_token returns a 400 error.
What permissions does this skill need?
Two permission levels are supported: drive:drive (full create, move, delete access) and drive:drive:readonly (list and info only). Permissions must be granted at the bot or tenant level in Feishu.
When should I use this instead of a generic file API?
Use this skill only if your agent needs native Feishu integration and your users already store documents in Feishu. If your user base is cloud-agnostic, a generic S3 or Google Drive connector offers broader compatibility.