← Back to Skills Marketplace

Shareone

Name: Shareone
Author: haibozhang1985

by sudoprivacy · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

152

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install shareone-skill

Description

发布本地生成的 HTML 网页、PDF 或 PPTX 到 ShareOne 平台，生成公网分享短链接（Capability URL）。当用户要求“发布”、“分享”、“生成链接”或“上线”某个生成的页面/文档时使用此技能。

Usage Guidance

This skill does perform the advertised uploads, but exercise caution: (1) it will read conversation history and local files and upload them — do not use it with confidential content; (2) it asks users to provide an API key and will save that key in plaintext at ~/.shareone_credentials — prefer setting SHAREONE_API_KEY in your environment securely rather than pasting keys into chat; (3) the code allows the upload endpoint to be overridden (SHAREONE_BASE_URL / --base-url) even though the instructions say to hardcode shareone.app — verify that SHAREONE_BASE_URL is not set to an untrusted host and do not pass a malicious --base-url; (4) inspect or remove ~/.shareone_credentials and .shareone_agreed if you uninstall the skill. Only proceed if you trust shareone.app and are comfortable with local plaintext storage of API keys and the agent uploading conversation/ files.

Capability Analysis

Type: OpenClaw Skill Name: shareone-skill Version: 1.0.2 The shareone-skill bundle is a legitimate tool designed to allow an AI agent to upload and share documents (HTML, PDF, PPTX) via the ShareOne platform. The bundle includes scripts for managing API keys locally (~/.shareone_credentials) and handling file uploads to https://shareone.app. Notably, the SKILL.md file contains proactive security instructions, such as a mandatory user consent step (checking for .shareone_agreed) and strict domain pinning to prevent the agent from being redirected to malicious endpoints via prompt injection. The code uses standard Node.js libraries and follows its stated purpose without any signs of hidden data exfiltration or unauthorized execution.

Capability Tags

crypto

Capability Assessment

ℹ Purpose & Capability

The name/description match the bundled scripts: the skill uploads HTML/PDF/PPTX or conversation-derived content to ShareOne and returns share links. However the registry metadata declares no required env vars while the SKILL.md and scripts clearly expect a SHAREONE_API_KEY and optionally a SHAREONE_BASE_URL; the skill also writes credential and consent files to the user's home directory (~/.shareone_credentials and .shareone_agreed). These are coherent with the stated purpose but the metadata omission is inconsistent and worth noting.

⚠ Instruction Scope

The runtime instructions explicitly direct the agent to extract the last generated conversation text or search for 'recently generated or edited files' and save them locally to upload. That means the agent may send prior conversation history or arbitrary local files to an external service. The SKILL.md also instructs the agent to ask the user to paste an API key into chat (which the skill will then save to disk), increasing the risk of secret exposure. The SKILL.md mandates a hardcoded domain (https://shareone.app) when returning share URLs, but the included scripts accept an override (SHAREONE_BASE_URL / --base-url), creating a mismatch between instructions and actual behavior.

ℹ Install Mechanism

This is an instruction-only skill with bundled Node.js scripts (no external install spec or downloads). That lowers supply-chain risk, but the packaged scripts will read and write files on disk (including credentials in the user's home directory). There is no attempt to download arbitrary code at runtime.

⚠ Credentials

The skill requires an API key for ShareOne (SHAREONE_API_KEY) to function — that is proportionate to the task — but the registry metadata did not list any required env vars, which is inconsistent. Scripts persist API keys in plaintext at ~/.shareone_credentials. Moreover the scripts allow overriding the upload domain via SHAREONE_BASE_URL or CLI args, which could be used to redirect uploads to a different endpoint if an environment variable or argument is set. The skill also encourages the user to paste API keys into chat, which is poor practice for secret handling.

ℹ Persistence & Privilege

The skill does not request elevated system privileges nor is it always-enabled. It will create or modify files in the user's home directory (.shareone_credentials and .shareone_agreed) and writes temporary files in the current working directory when packaging conversation content. Persisting credentials and a consent marker is behavior expected for this function, but users should be aware of the local files created and their plaintext nature.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install shareone-skill
After installation, invoke the skill by name or use /shareone-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

- All scripts have been reorganized into a new scripts/ subdirectory for improved code structure and clarity. - API and file operation instructions updated to reference scripts/ path when calling Node.js helper scripts. - All relevant API URLs updated from shareone.sudoprivacy.com to shareone.app for current platform alignment and correct domain enforcement. - Upload and file update steps clarified for both first-time and update (PUT) scenarios, including optional password/watermark handling. - Feature discovery tip wording and prompting logic improved—now provides context-aware suggestions for using password and watermark features only on first link generation in a session.

v0.1.0

shareone-skill v0.1.0 - Initial release of the shareone skill for publishing local HTML, PDF, or PPTX files to ShareOne and generating a public short link. - Supports publishing conversation history or generated documents based on various user intents (e.g., publish, share, generate link). - Handles API Key detection and management, including prompts and guest key creation. - Enforces user consent and content compliance before publishing. - Provides detailed error handling and strict domain constraints for generated share links. - Allows optional password protection and watermark for shared content.

Metadata

Slug shareone-skill

Version 1.0.2

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Shareone?

发布本地生成的 HTML 网页、PDF 或 PPTX 到 ShareOne 平台，生成公网分享短链接（Capability URL）。当用户要求“发布”、“分享”、“生成链接”或“上线”某个生成的页面/文档时使用此技能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.

How do I install Shareone?

Run "/install shareone-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shareone free?

Yes, Shareone is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Shareone support?

Shareone is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Shareone?

It is built and maintained by sudoprivacy (@haibozhang1985); the current version is v1.0.2.

More Skills