After onboarding succeeds, configure the Feishu or Lark bot.
Current OpenClaw releases bundle the Feishu plugin. If your install does not include it, run openclaw plugins install @openclaw/feishu first.

1. Create the Feishu App

In Feishu or Lark Open Platform:
  1. Create an app (创建应用).
  2. Enable bot capability (添加应用能力 → 机器人).
  3. Copy the App ID and App Secret.
Use Feishu Open Platform for China tenants and Lark Open Platform for international tenants.

Working Permission Set

If you want the fastest first setup, use this known working batch-import permission set: 
{
  "scopes": {
    "tenant": [
      "aily:file:read",
      "aily:file:write",
      "application:application.app_message_stats.overview:readonly",
      "application:application:self_manage",
      "application:bot.menu:write",
      "cardkit:card:read",
      "cardkit:card:write",
      "contact:user.employee_id:readonly",
      "corehr:file:download",
      "event:ip_list",
      "im:chat.access_event.bot_p2p_chat:read",
      "im:chat.members:bot_access",
      "im:message",
      "im:message.group_at_msg:readonly",
      "im:message.p2p_msg:readonly",
      "im:message:readonly",
      "im:message:send_as_bot",
      "im:resource"
    ],
    "user": [
      "aily:file:read",
      "aily:file:write",
      "im:chat.access_event.bot_p2p_chat:read"
    ]
  }
}
This is a working broad set from the current OpenClaw Feishu setup path, not a minimal audited permission list.

2. Add the Feishu Config

Set the channel config: 
openclaw config set channels.feishu.enabled true --json
openclaw config set channels.feishu.appId "<FEISHU_APP_ID>"
openclaw config set channels.feishu.appSecret "<FEISHU_APP_SECRET>"
openclaw config set channels.feishu.domain "feishu"
openclaw config set channels.feishu.connectionMode "websocket"
openclaw config set channels.feishu.requireMention true --json
openclaw config set channels.feishu.dmPolicy pairing
openclaw config set channels.feishu.groupPolicy open
If you use Lark instead of Feishu: 
openclaw config set channels.feishu.domain "lark"

3. Start the Gateway

mkdir -p ~/.openclaw/logs
nohup openclaw gateway > ~/.openclaw/logs/gateway-sandbox.log 2>&1 & echo $! > ~/.openclaw/gateway-sandbox.pid
sleep 4
Verify the gateway: 
openclaw gateway status
tail -n 60 ~/.openclaw/logs/gateway-sandbox.log
What you want to see:
  • RPC probe: ok
  • a log line showing the Feishu runtime started
Ignore the systemd warnings in the sandbox container.

4. Enable Event Subscriptions

After the gateway’s first connection, go back to the Feishu Developer Console for your app:
  1. Events and Callbacks (事件与回调) → set subscription mode to Receive events through persistent connection (使用长连接接收事件/回调). This option only appears after the first WebSocket connection.
  2. Add the event subscription im.message.receive_v1 (接收消息) — without this the bot connects but never receives messages.
  3. Under Permissions (权限管理), confirm the scope im:message:receive_v1 (读取用户发给机器人的消息) is approved.
  4. Publish the app (版本管理与发布) — unpublished apps cannot receive events.
After saving, restart the gateway: 
kill $(cat ~/.openclaw/gateway-sandbox.pid) 2>/dev/null
nohup openclaw gateway > ~/.openclaw/logs/gateway-sandbox.log 2>&1 & echo $! > ~/.openclaw/gateway-sandbox.pid
sleep 4

5. Approve Pairing

By default, unknown Feishu users receive a pairing code. Approve that code in the sandbox: 
openclaw pairing approve feishu <PAIRING_CODE>
Then send another DM to the bot.
Feishu channel auth and model auth are separate. If Feishu connects but the bot does not produce real replies, finish the model-auth step next.
If Feishu accepts messages but OpenClaw cannot send replies, re-check the permission set above, especially im:message:send_as_bot, im:message:readonly, and im:chat.members:bot_access. Next: continue to /openclaw/setup/auth.