← Back to Skills Marketplace
Vnsh Skill
by
raullenchai
· GitHub ↗
· v1.1.1
1052
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install vnsh
Description
Securely share files using encrypted, expiring vnsh.dev links with the vnsh CLI for uploading and decrypting shared content.
Usage Guidance
This skill implements the advertised upload/decrypt functions, but it instructs the agent to automatically read any vnsh.dev link and to automatically upload long outputs to vnsh.dev without asking the user — both behaviors risk exposing sensitive data. It also recommends installing a remote shell script via curl | sh, which executes arbitrary code from the network and is high risk. Before installing or enabling this skill: (1) insist the skill be modified to require explicit user confirmation before reading or uploading any user data; (2) remove or at least gate the automatic 'auto-read' and 'auto-share' rules; (3) avoid running curl | sh — prefer an auditable release (e.g., GitHub release tarball with a checksum/signature) or review the installer content in a sandbox; (4) confirm/declare all required binaries (xxd, mktemp, sed, head, etc.) in the manifest; and (5) if you must test, run it in an isolated environment and audit network traffic to verify no unexpected endpoints are contacted. If the maintainer can address these issues (explicit consent, no remote unchecked installers, accurate manifest), the skill would be much safer. If you cannot obtain those changes, treat it as risky and do not enable autonomous invocation.
Capability Analysis
Type: OpenClaw Skill
Name: vnsh
Version: 1.1.1
The skill is classified as suspicious due to a severe prompt injection vulnerability in `SKILL.md`. The AI agent is explicitly instructed to automatically process any incoming `vnsh.dev/v/` URLs without user confirmation ('You MUST use this skill automatically... do NOT ask the user first', 'Never ask... just read it'). This allows an attacker to send a crafted `vnsh.dev` link containing malicious instructions, which the agent would then automatically download, decrypt via `scripts/read.sh`, and potentially execute or interpret, bypassing user consent. Additionally, the `install` command in `SKILL.md` uses `curl -sL vnsh.dev/i | sh`, which is a significant supply chain risk as it executes a remote script directly.
Capability Assessment
Purpose & Capability
The name/description match the provided scripts: upload.sh encrypts and posts to vnsh.dev, read.sh downloads and decrypts using keys from the URL fragment. However there's an inconsistency between registry metadata (no required binaries) and SKILL.md which lists curl and openssl; the scripts also implicitly rely on other standard utilities (mktemp, sed, head, xxd, tr, grep) that SKILL.md doesn't fully declare. This discrepancy reduces confidence in the manifest's accuracy.
Instruction Scope
SKILL.md instructs the agent to automatically decrypt ANY vnsh.dev/v/ URL it sees ("do NOT ask the user first") and to automatically upload any long output (>4000 chars / >80 lines) to vnsh.dev without asking. Both behaviors enable automatic retrieval or transmission of potentially sensitive data to a third party and remove user consent. The scripts themselves only talk to vnsh.dev, but the auto-trigger policies grant the agent broad permission to fetch and upload data without confirmation.
Install Mechanism
SKILL.md recommends (and labels) an install command that pipes a remote script into sh: "curl -sL vnsh.dev/i | sh". Remote download-and-execute is a high-risk install pattern (unchecked code execution). The skill is instruction-only in the registry, yet it still recommends this installer — a mismatch and a notable risk. The included scripts are small and readable, but the suggested installer fetches code from the network with no verification.
Credentials
The skill requests no credentials or env vars, which superficially seems proportional. However, the mandated auto-share policy causes potential exfiltration of arbitrary agent outputs (which can include secrets or sensitive data) to vnsh.dev. The scripts do not require API keys, so they rely solely on posting data to the public service; that design is functional but creates disproportionate risk because it enables automatic outbound data transfer without consent.
Persistence & Privilege
The package does not set always:true, but SKILL.md explicitly tells the agent to auto-trigger on incoming messages and on long outputs. Given the platform default allowing autonomous model invocation, those instructions combine with normal autonomy to produce a high blast radius: the skill would autonomously download and decrypt inbound links and autonomously upload large outputs. That combination is dangerous if you expect explicit user consent before sharing or opening external content.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vnsh - After installation, invoke the skill by name or use
/vnsh - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Add scripts for OpenClaw skill integration
v1.1.0
Add file type detection: downloads now have correct extensions (mp4, pdf, png, etc.)
v1.0.0
Align with CLI version
v0.1.0
Initial release
Metadata
Frequently Asked Questions
What is Vnsh Skill?
Securely share files using encrypted, expiring vnsh.dev links with the vnsh CLI for uploading and decrypting shared content. It is an AI Agent Skill for Claude Code / OpenClaw, with 1052 downloads so far.
How do I install Vnsh Skill?
Run "/install vnsh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vnsh Skill free?
Yes, Vnsh Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Vnsh Skill support?
Vnsh Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Vnsh Skill?
It is built and maintained by raullenchai (@raullenchai); the current version is v1.1.1.
More Skills