← Back to Skills Marketplace
921
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install local-file-manager
Description
Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi...
README (SKILL.md)
Local File Manager Skill
This skill provides safe file I/O operations within the session's cwd. It is designed for roles that need to store outputs locally (no cloud sync).
Capabilities
- Read file: Get contents of a text file
- Write file: Create or overwrite a file
- Append file: Add content to existing file
- List files: Directory listing with filtering
- Delete file: Remove a file (with safety checks)
- Copy/Move: Simple file operations
When to Use
Role needs to:
- Save generated code/analysis to disk
- Read input documents (PDFs, text, etc.)
- Append logs or results
- Create output files in Markdown/JSON/CSV
Usage
# Read a file
file-manager --action read --path output.md
# Write content (from stdin or --content)
file-manager --action write --path result.json --content '{"status":"done"}'
# Append to file
file-manager --action append --path log.txt --content "Job completed at $(date)"
# List files in directory
file-manager --action list --dir . --pattern "*.md"
# Create directory
file-manager --action mkdir --dir reports
# Delete file (with confirmation)
file-manager --action delete --path old_file.txt
Safety
- Sandboxed to cwd: Cannot access files outside session's working directory
- Protected files: Cannot delete files starting with
.or in../ - Size limit: Max file size 10MB (configurable)
- Dry-run support:
--dry-runshows what would happen
Integration with Roles
In role config, enable this skill:
plugins:
allow:
- local-file-manager
- doc-parser
Then in the role's system prompt, guide usage:
When you finish analysis, write the result to a file:
file-manager --action write --path summary.md --content "$YOUR_MARKDOWN"
Examples
Researcher saving analysis:
file-manager --action write --path analysis_$(date +%Y%m%d).md \
--content "# Analysis\
\
## Summary\
..."
Developer saving code:
file-manager --action write --path src/main.py --content "$CODE"
Automation appending log:
file-manager --action append --path /var/log/automation.log \
--content "[$(date)] Task completed\
"
Error Handling
- If file doesn't exist for read: returns error code 1
- If path is outside cwd: denied
- If write fails (permission): returns error
- All errors logged to
~/.openclaw/logs/file-manager.log
Configuration
Environment variables:
FILE_MANAGER_MAX_SIZE: Max file size in bytes (default 10485760)FILE_MANAGER_LOG: Path to operation log (default~/.openclaw/logs/file-manager.log)FILE_MANAGER_DRY_RUN: Set to "1" to only simulate operations
Usage Guidance
This skill appears to implement local file operations but has packaging and safety issues you should resolve before trusting it with important data. Key concerns: (1) index.ts hard-codes a developer path (/Users/nico/...) — the skill may fail or behave unexpectedly on your system; ask the author to use a relative path or bundle the script location. (2) index.ts concatenates arguments into a shell command without escaping — this can lead to command injection if untrusted content is passed; request that the author use spawn/execFile with an args array or properly escape/validate inputs. (3) skill.json lists Python entry points that don't exist — metadata should match the actual files. (4) Examples in SKILL.md showing absolute paths are misleading given the script's sandboxing; request clearer documentation. If you decide to install: do not run with sensitive files or elevated privileges until these issues are fixed, run in an isolated environment, and ask the maintainer to patch argument handling and packaging inconsistencies.
Capability Analysis
Type: OpenClaw Skill
Name: local-file-manager
Version: 1.0.0
The skill contains a critical command injection vulnerability in index.ts, where arguments (including file content and paths) are joined into a shell string and executed via execAsync without sanitization. This allows for arbitrary code execution on the host system. Additionally, index.ts contains a hardcoded absolute path (/Users/nico/...) for the shell script, which is highly irregular for a portable skill bundle. While these represent severe security flaws (RCE), they appear to be unintentional vulnerabilities rather than intentional malware, as no exfiltration logic or backdoors were identified.
Capability Assessment
Purpose & Capability
The declared purpose (read/write/list files in the session cwd) is consistent with the code and SKILL.md. However the packaged metadata is inconsistent: skill.json names Python entry points and requirements, while the repo contains a TypeScript entry (index.ts) and a bash script. The index.ts references a hard-coded absolute script path (/Users/nico/...), which is a developer-specific path and unlikely to exist in a user's environment. These mismatches suggest sloppy packaging or leftover dev state.
Instruction Scope
The SKILL.md and the shell script implement a sandbox-to-cwd model and list reasonable options. But the README/examples mention absolute paths (e.g., /var/log/automation.log) that contradict the stated 'sandboxed to cwd' behavior (the script strips leading slashes). More importantly, the TypeScript entry builds a shell command by concatenating unescaped arguments into a single exec string, which lets specially crafted content or path values alter the shell invocation (command injection risk). The runtime also logs to ~/.openclaw/logs/file-manager.log, which is outside the session cwd but documented — this is plausible but should be noticed by users.
Install Mechanism
No install spec or remote downloads are present (instruction-only / local code bundled). That lowers supply-chain risk. No external URLs or archive extraction steps are used.
Credentials
The skill declares no required environment variables in registry metadata, while SKILL.md documents optional env vars (FILE_MANAGER_MAX_SIZE, FILE_MANAGER_LOG, FILE_MANAGER_DRY_RUN) — this is reasonable. skill.json restricts file permissions to the workspace (~/.openclaw/workspace/**), which aligns with the stated intent. There is no request for unrelated credentials. However, the hard-coded scriptPath in index.ts and the log file written under the user's home indicate the code assumes access to specific user paths; that reduces portability and may surprise users.
Persistence & Privilege
The skill does not request permanent/always-on privileges, does not modify other skills, and is user-invocable only. Its logged operations are local to the user account (writes to ~/.openclaw/logs by default).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install local-file-manager - After installation, invoke the skill by name or use
/local-file-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Local skill registration
Metadata
Frequently Asked Questions
What is Local File Manager?
Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi... It is an AI Agent Skill for Claude Code / OpenClaw, with 921 downloads so far.
How do I install Local File Manager?
Run "/install local-file-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Local File Manager free?
Yes, Local File Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Local File Manager support?
Local File Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Local File Manager?
It is built and maintained by liyico (@liyico); the current version is v1.0.0.
More Skills