Background Download
Author: hansponddg · GitHub · v1.0.0 · MIT-0
Total downloads: 95
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw: /install background-download
Description
Asynchronous background download with retry, status tracking via Ontology, notifications to original channel. Supports resume on broken connections.
Usage (SKILL.md)
Background Download Skill
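Summary (translated from Chinese): asynchronous background download skill
- Non-blocking download that does not occupy the main session
- Supports resuming interrupted transfers, with automatic retry
- Tracks status through Ontology
- Sends the result notification to the channel the request came from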
Asynchronous background file download with:
- Non-blocking: returns immediately to user, downloads in background
- Resumable: uses curl/wget built-in continue (-c)
- Retry: configurable max retries (default 3)
- Status tracking: all tasks stored in Ontology knowledge graph
- Notification: sends completion/failure notification to original channel
- Housekeeping: heartbeat cleans up zombie tasks, archives old completed tasks
Commands
start - Start a new background download
python3 scripts/download.py start --title "Title" --url "https://example.com/file.zip" --path "/path/to/save/file.zip" --channel "feishu:direct:user_id" [--max-retries 3]
status - Check download status by task id
python3 scripts/download.py status --id down_xxxxxxx
list - List all download tasks filtered by status
python3 scripts/download.py list [--status pending|downloading|completed|failed|archived]
archive - Archive old completed tasks
python3 scripts/download.py archive --days 7
cleanup-zombies - Mark stale downloading tasks as failed
python3 scripts/download.py cleanup-zombies --hours 2
Architecture
User requests download
↓
Create DownloadTask in Ontology (status=pending)
↓
Fork background download process, exit immediately (non-blocking)
↓
Background:
  Update status → downloading
  Loop:
    Download with curl -C - (resume)
    If success:
      Update status → completed
      Send notification to original channel
      Done
    If fail:
      retry_count += 1
      If retry_count < max_retries: wait 30s → retry
      Else:
        Update status → failed
        Send failure notification to original channel
        Done
Heartbeat daily:
  cleanup-zombies --hours 2
  archive --days 7
Ontology Schema
See references/schema.json for DownloadTask definition.
Required properties:
- title: Human-readable download name
- url: Download URL
- path: Local path to save file
- status: pending|downloading|completed|failed|archived
- retry_count: Current number of retries
- max_retries: Maximum retries (usually 3)
- created_by_channel: Original channel identifier (channel_type:channel_id:user_id) for notification
Usage Example
# From another skill
from scripts.download import start_download

start_download(
    title="Obsidian Windows",
    url="https://github.com/obsidianmd/obsidian-releases/releases/download/v1.12.4/Obsidian-1.12.4.exe",
    path="/home/user/files/Obsidian.exe",
    channel="feishu:direct:ou_xxxxxxx",
    max_retries=3,
)
Notification
Completion/failure notifications are sent via openclaw message send to the original channel recorded in created_by_channel.
Requirements
- ontology skill must be installed and initialized
- curl or wget available on system
Security recommendations
This skill appears to do what it claims (background downloads tracked in Ontology and notifications), but its implementation is risky rather than malicious. Key concerns to check before installing:
- The code builds shell commands (ontology invocation, curl, openclaw message) by concatenating user-provided strings without escaping — this is vulnerable to shell injection. Review and/or patch the code to use argument lists or proper escaping (e.g., shlex.quote) and avoid shell=True.
- The script assumes a hard-coded ontology script path under ~/.openclaw/...; confirm that this path is correct and that the referenced ontology CLI is trusted and safe.
- Notifications include URL and file path information — decide whether that could leak sensitive URLs or filesystem locations to channels.
- Background processes persist outside the agent session; run this skill in a restricted environment or with limited filesystem/network permissions if possible.
- If you plan to let other skills call start_download programmatically, ensure callers cannot pass malicious values for 'url', 'path', or 'channel'.
If you cannot audit and harden the code (escape shell args, validate inputs, or call the ontology/openclaw APIs safely), treat this skill as unsafe to enable in production.
Functional analysis
Type: OpenClaw Skill
Name: background-download
Version: 1.0.0
The skill contains multiple critical shell injection vulnerabilities in `scripts/download.py` due to the unsafe use of `subprocess.run(shell=True)` with unsanitized user inputs. Specifically, the `do_download`, `send_notification`, and `run_ontology_cmd` functions interpolate variables like `url`, `path`, and `message` directly into shell strings, which could allow an attacker to execute arbitrary commands. While the code's logic aligns with its stated purpose of background downloading, the high-risk implementation of command execution warrants a suspicious classification.
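The interpolated shell string described above beside an argument-list form, as an added example that is not the skill's own code. The names `validate_task`, `unsafe_command`, `curl_argv`, the download root and the channel pattern are assumptions made for illustration.

```python
import re
import shlex
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: downloads are confined to one directory (the skill defines none).
DOWNLOAD_ROOT = Path("/home/user/files")
# Assumption: channel_type:channel_id:user_id, each part limited to [A-Za-z0-9_-].
CHANNEL_RE = re.compile(r"[A-Za-z0-9_-]+:[A-Za-z0-9_-]+:[A-Za-z0-9_-]+")


def validate_task(url, path, channel):
    """Reject inputs a downloader should never accept; return the resolved Path."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("url must be http(s) with a host")
    root = DOWNLOAD_ROOT.resolve()
    dest = (root / path).resolve()  # an absolute `path` replaces root here
    if not dest.is_relative_to(root):  # Python 3.9+
        raise ValueError("path escapes the download root")
    if not CHANNEL_RE.fullmatch(channel):
        raise ValueError("channel must be type:id:user_id")
    return dest


def unsafe_command(url, path):
    """Pattern the review describes: one shell string built by interpolation."""
    return f'curl -C - -o "{path}" "{url}"'


def curl_argv(url, dest):
    """Argument list for subprocess.run(argv); no shell parses these values."""
    # "--" ends option parsing, so a URL starting with "-" is not read as a flag.
    return ["curl", "--proto", "=http,https", "-C", "-", "-o", str(dest), "--", url]


# Constructed input: a URL carrying a quote and a command separator.
HOSTILE_URL = 'https://example.com/a.zip"; echo injected; "'

if __name__ == "__main__":
    dest = validate_task(HOSTILE_URL, "a.zip", "feishu:direct:ou_xxxxxxx")
    print(shlex.split(unsafe_command(HOSTILE_URL, dest)))  # URL splits into words
    print(curl_argv(HOSTILE_URL, dest))                    # URL stays one element
```

The constructed URL passes scheme and host validation, which is why input checks alone do not replace the argument-list call.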
Capability assessment
Purpose & Capability
Name/description (background, resume, retry, ontology tracking, notifications) align with the code and SKILL.md. Requiring an ontology skill and a message/CLI for notifications is expected for the described behavior. The need for curl/wget is justified.
Instruction Scope
The SKILL.md and code instruct the agent to create and update DownloadTask entities and to send notifications to the original channel — all consistent. However, the runtime instructions and code execute many shell commands (calling an ontology script, performing curl, invoking 'openclaw message send') and interpolate user-supplied strings into shell commands without escaping. The code also double-forks to create detached background processes. These behaviors expand the runtime scope considerably and introduce injection and operational risks that are not called out in the SKILL.md.
Install Mechanism
No install spec; the skill is instruction-plus-code only. Nothing is downloaded from external URLs during install. This is low install risk, but the code will execute commands at runtime.
Credentials
The skill declares no env vars, which is consistent. But it assumes a specific local path for the ontology script (~/.openclaw/.../ontology/scripts/ontology.py) and uses the 'openclaw' CLI; these implicit dependencies and path assumptions grant it access to local agent memory and messaging. Notifications include URLs and paths which could leak sensitive info to channels. The skill accepts arbitrary URL/path/channel inputs which are directly interpolated into shell commands — disproportionate risk relative to a simple downloader unless inputs are strictly validated/escaped.
Persistence & Privilege
The skill forks detached background processes to perform downloads and relies on scheduled cleanup/archiving. It does not request 'always: true' or modify other skill configs, but the background process model means the skill will run independently of the parent session. This is expected for background downloads but increases the blast radius if the code is abused (e.g., to download arbitrary content or perform repeated network calls).
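How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install background-download
- After installation, call the Skill by name or use /background-download to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history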
v1.0.0
Initial release
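FAQ
What is Background Download?
Asynchronous background download with retry, status tracking via Ontology, notifications to original channel. Supports resume on broken connections. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 95 cumulative downloads so far.
How do I install Background Download?
Run the command "/install background-download" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Background Download free?
Yes, Background Download is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Background Download support?
Background Download is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Background Download?
It is developed and maintained by hansponddg (@hansponddg); the current version is v1.0.0.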