← Back to Skills Marketplace
1008
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install node-transfer
Description
High-speed, memory-efficient file transfer between OpenClaw nodes using Node.js native streams and token-secured HTTP streaming without Base64 encoding.
Usage Guidance
This skill appears to do what it says (fast streaming transfers) and doesn't require external credentials, but it does run scripts on remote nodes and opens ephemeral HTTP ports. Before installing: 1) review send.js/receive.js/ensure-installed.js/deploy.js to confirm they only serve intended file paths and that tokens are cryptographically strong and single-use; 2) inspect the PowerShell output from deploy.js to ensure it doesn't modify unrelated system settings or create persistent privileged services; 3) restrict deployments to trusted nodes, enforce firewall rules (limit inbound IPs or bind to non-public interfaces if possible), and test transfers in a safe environment; 4) rotate or limit node.invoke credentials used to deploy these scripts. If you cannot audit the code, consider treating it as high-risk and avoid installing on production systems.
Capability Analysis
Type: OpenClaw Skill
Name: node-transfer
Version: 1.0.0
The OpenClaw AgentSkills skill bundle `node-transfer` is designed for high-speed, memory-efficient file transfer between nodes. All scripts (`send.js`, `receive.js`, `deploy.js`, `ensure-installed.js`) and documentation (`SKILL.md`, `CONTRIBUTING_PROPOSAL.md`, `INVESTIGATION_REPORT.md`, `README.md`) are clearly aligned with this stated purpose. The file transfer mechanism uses HTTP streaming with a one-time, token-based authentication and auto-shutdown, which are reasonable security measures for its function. The `deploy.js` script generates PowerShell commands to install the skill's own scripts, using Base64 encoding for reliable transport, not obfuscation of malicious payloads. There is no evidence of data exfiltration, unauthorized execution, persistence, or prompt injection attempts against the agent in any of the analyzed files.
Capability Assessment
Purpose & Capability
The SKILL.md and included files (send.js, receive.js, ensure-installed.js, deploy.js) all align with a node-to-node streaming transfer tool. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Instructions tell the agent to deploy and execute Node.js/PowerShell scripts on target nodes and to start ephemeral HTTP servers that serve arbitrary files from disk. That is within the described purpose, but it expands the agent's runtime scope to remote execution and network exposure — review what paths and files the scripts allow being served, and whether servers bind to all interfaces or loopback.
Install Mechanism
No external install/downloads are specified; the repository provides the scripts directly. This avoids remote-code-fetch risks, though you should still inspect the bundled deploy.js/PowerShell output before running it.
Credentials
The skill does not request environment variables, credentials, or config paths beyond using nodes.invoke to run commands on nodes. That is proportional to a remote deployment/transfer utility; there are no unexplained secret requirements.
Persistence & Privilege
The skill does not set always:true and model invocation defaults apply. However, it instructs installing persistent scripts on nodes (install-once pattern). Installing persistent server code on nodes increases long-term attack surface — ensure deployments are limited to trusted nodes and that auto-shutdown, token lifetimes, and logging are appropriate.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install node-transfer - After installation, invoke the skill by name or use
/node-transfer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
node-transfer v1.0.0
- Initial release introducing high-speed, memory-efficient file transfer between OpenClaw nodes using native Node.js HTTP streams.
- Eliminates base64 encoding and large memory usage present in previous transfer methods.
- Provides a secure, token-protected streaming architecture with one-time install and persistent scripts.
- Includes robust CLI and programmatic API with progress reporting and version checks.
- Supports multi-GB file transfers within seconds, drastically improving speed and reliability over base system.
Metadata
Frequently Asked Questions
What is Node Transfer?
High-speed, memory-efficient file transfer between OpenClaw nodes using Node.js native streams and token-secured HTTP streaming without Base64 encoding. It is an AI Agent Skill for Claude Code / OpenClaw, with 1008 downloads so far.
How do I install Node Transfer?
Run "/install node-transfer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Node Transfer free?
Yes, Node Transfer is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Node Transfer support?
Node Transfer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Node Transfer?
It is built and maintained by EisonMe (@eisonme); the current version is v1.0.0.
More Skills