← Back to Skills Marketplace
openclawzhangchong

ftp-client-zc

by 张翀 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
57
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ftp-client-zc
Description
Performs basic FTP operations like list, upload, download, delete, and rename using stored or provided credentials with Node.js basic-ftp.
README (SKILL.md)

FTP Client Skill (ZC)

Skill ID: ftp-client-zc

Description: Provides basic FTP operations (list, upload, download, delete, rename) for a configured FTP server. All operations are performed via the Node.js basic-ftp library. Credentials are obtained from OpenClaw's secret store (key ftp-client-zc/cred) or, as a fallback, from a local creds.json file (which is excluded from publishing).

Parameters

Action Required args Optional args Description
list host (or use stored) path (remote directory, default /) List files/directories in the given remote path.
upload localPath, remotePath host Upload a local file (or directory) to the FTP server.
download remotePath, localPath host Download a remote file (or directory) to local filesystem.
delete remotePath host Delete a remote file or empty directory.
rename oldPath, newPath host Rename or move a remote file/directory.

If host, user, and password are omitted, the skill will first try to read them from the OpenClaw secret ftp-client-zc/cred; if not found, it falls back to the local creds.json (which should not be published).

Usage Examples

# List root directory (uses stored credentials)
openclaw skill run ftp-client-zc list

# Upload a file, overriding host
openclaw skill run ftp-client-zc upload --host 47.119.167.86 --user test --password zhangchong --localPath "C:\path\file.txt" --remotePath "/uploads/file.txt"

Security

  • Credentials are never logged.
  • All network actions require explicit user approval via /approve before execution.
  • When using the local creds.json fallback, ensure the file is protected by filesystem permissions and is excluded from the published npm package via .npmignore.

Created by 张小龙🦞

Usage Guidance
This skill appears to implement an FTP client correctly, but there are two things to consider before installing: (1) creds.json is included in the package and contains plaintext credentials — do not use the skill if those are real credentials you care about; ask the author to remove creds.json from the published bundle and rotate any exposed credentials. (2) The code runs shell commands to read OpenClaw secrets (execSync) and will connect to arbitrary FTP hosts and read/write local files as requested — only grant it access if you trust the skill and the FTP target. Prefer a version that uses the platform SDK for secrets (rather than exec'ing a CLI) and that does not include plaintext credentials in the package. If you need higher assurance, request the author to remove the embedded creds.json, show a provenance/source (homepage/repo), and explain how user approval is enforced.
Capability Analysis
Type: OpenClaw Skill Name: ftp-client-zc Version: 1.0.0 The skill implements a standard FTP client providing list, upload, download, delete, and rename operations using the 'basic-ftp' library. It retrieves credentials via the OpenClaw CLI ('openclaw secrets get') or a local 'creds.json' fallback. While it uses 'execSync' for secret retrieval and defaults to insecure FTP (secure: false), these behaviors are consistent with the stated purpose and do not show evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The code implements list/upload/download/delete/rename via the basic-ftp library, which matches the skill name/description. However SKILL.md says a local creds.json should be excluded from publishing, yet creds.json is present in the package and contains plaintext credentials — this contradicts the stated guidance and is disproportionate to the stated 'do not publish' claim.
Instruction Scope
SKILL.md limits scope to FTP operations and instructs using secrets from OpenClaw or a local creds.json; the code follows that. The README claims 'All network actions require explicit user approval via /approve' — that is a platform-level behavior, not enforced in the code itself. The runtime code performs expected filesystem access (read/write for upload/download) and network access to arbitrary FTP hosts, which is consistent with the purpose but requires user awareness.
Install Mechanism
There is no external install script in the skill bundle; dependencies are normal npm packages (basic-ftp, minimist). package-lock references an npm mirror but otherwise the install surface is standard and proportionate.
Credentials
The skill doesn't request environment variables, but it runs shell commands (execSync 'openclaw secrets get ftp-client-zc/cred') to obtain secrets from the platform; that is reasonable but notable. The bigger concern is that a creds.json with host/user/password is included in the package manifest and files — this embeds plaintext credentials despite SKILL.md advising it should be excluded. Inclusion of defaults or real credentials in the bundle can leak sensitive data and is disproportionate to the skill's benign description.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config changes, and does not modify other skills. It does spawn child processes to run the node scripts, which is standard for this packaging approach.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ftp-client-zc
  3. After installation, invoke the skill by name or use /ftp-client-zc
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of FTP Client Skill (ZC): - Provides basic FTP operations: list, upload, download, delete, and rename. - Uses the Node.js `basic-ftp` library for all FTP actions. - Retrieves credentials securely from OpenClaw's secret store or a local `creds.json` fallback. - All network actions require explicit user approval before execution. - Credentials are never logged; local credential files are excluded from published packages.
Metadata
Slug ftp-client-zc
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ftp-client-zc?

Performs basic FTP operations like list, upload, download, delete, and rename using stored or provided credentials with Node.js basic-ftp. It is an AI Agent Skill for Claude Code / OpenClaw, with 57 downloads so far.

How do I install ftp-client-zc?

Run "/install ftp-client-zc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ftp-client-zc free?

Yes, ftp-client-zc is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ftp-client-zc support?

ftp-client-zc is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ftp-client-zc?

It is built and maintained by 张翀 (@openclawzhangchong); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments