← Back to Skills Marketplace
Resilient File Delivery
by
Shepherd217
· GitHub ↗
· v1.0.0
870
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install resilient-file-delivery
Description
Deliver files via multi-channel fallback (Telegram, Discord, Google Drive, S3, IPFS) with automatic retries, chunking, integrity checks, and delivery tracking.
Usage Guidance
This skill raises multiple red flags. Before installing or using it: (1) Do not run the suggested npm/pip install on a production host — the bundle provides no code and would force you to fetch external packages. (2) Ask the publisher for the actual source code or verify the GitHub repo and confirm the package contents match the docs (look for index.js and implementation). (3) Be wary of the phrase 'bypass sandbox restrictions' — that indicates evasive behavior and possible misuse for exfiltration. (4) If you need this capability, run any tests in an isolated environment, and only provide API keys/tokens with least privilege and temporary credentials. (5) Require the author to list precisely which credentials are needed and how they are used; if they cannot justify them, do not install.
Capability Analysis
Type: OpenClaw Skill
Name: resilient-file-delivery
Version: 1.0.0
This skill is classified as suspicious due to its powerful capabilities that, while potentially legitimate, present a significant risk for data exfiltration and unauthorized file transfer if misused. The skill explicitly allows reading arbitrary local files (e.g., `file: '/path/to/file.zip'`) and sending them via multiple external channels (Telegram, Discord, Google Drive, S3, IPFS), as detailed in `SKILL.md` and `README.md`. The repeated claim of 'Bypass sandbox restrictions' further highlights its potential to circumvent security controls. While there's no direct evidence of malicious intent by the developer, the combination of arbitrary file access and multi-channel exfiltration capability makes it a high-risk tool that could be exploited for sensitive data theft if an attacker can control the input to the skill.
Capability Assessment
Purpose & Capability
SKILL.md and README describe multi-channel delivery (Telegram, Discord, Google Drive, S3, IPFS) which legitimately requires service credentials and client libraries. However, the skill package contains no implementation files (no index.js or other code), yet package.json advertises a main entry and the docs instruct npm/pip installs. The skill bundle does not declare or request the credentials it clearly needs. The explicit claim to 'Bypass sandbox restrictions' is particularly concerning and not justified by a normal file-delivery use case.
Instruction Scope
The SKILL.md acts like library docs but also instructs agent operators to install external packages and shows code that would read local filesystem paths (file: '/path/to/file.zip') and send them to external platforms. Those instructions enable reading and transmitting local files to third parties. The guidance to 'bypass sandbox restrictions and email blocks' suggests evasion behavior beyond legitimate delivery and could be abused for data exfiltration.
Install Mechanism
There is no install spec in the skill bundle (instruction-only), which is lower risk by itself, but SKILL.md explicitly tells users to run 'npm install resilient-file-delivery' or 'pip install resilient-file-delivery' — i.e., to fetch and execute external packages. The bundle itself lacks the implementation files referenced in package.json, so the only way to obtain functionality would be to fetch code from external registries/repos at runtime. That external fetch increases risk because arbitrary third-party code would be installed and run.
Credentials
The skill declares no required environment variables or credentials, yet its features and README configuration clearly need tokens/credentials (Telegram BOT_TOKEN, Discord WEBHOOK_URL, Google Drive creds.json, S3 keys, IPFS gateway). This mismatch means the skill as packaged does not declare the sensitive access it requires — a red flag for potential credential misuse or unclear requirements. The README also suggests storing credentials in files (creds.json) which could encourage insecure handling.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable; model invocation is allowed (default). Autonomous invocation is normal for skills, but given the other red flags (undeclared credentials, evasion language, external installs), allowlisted/autonomous execution would increase risk — verify carefully before enabling autonomous runs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install resilient-file-delivery - After installation, invoke the skill by name or use
/resilient-file-delivery - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Multi-channel file delivery with automatic fallback (Telegram, Discord, S3, IPFS, email)
Metadata
Frequently Asked Questions
What is Resilient File Delivery?
Deliver files via multi-channel fallback (Telegram, Discord, Google Drive, S3, IPFS) with automatic retries, chunking, integrity checks, and delivery tracking. It is an AI Agent Skill for Claude Code / OpenClaw, with 870 downloads so far.
How do I install Resilient File Delivery?
Run "/install resilient-file-delivery" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Resilient File Delivery free?
Yes, Resilient File Delivery is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Resilient File Delivery support?
Resilient File Delivery is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Resilient File Delivery?
It is built and maintained by Shepherd217 (@shepherd217); the current version is v1.0.0.
More Skills