← 返回 Skills 市场
500
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install cloud-local-bridge
功能描述
实现云端 OpenClaw 与本地 OpenClaw 之间的双向通信桥接。支持自然语言配对、命令执行、文件同步。
使用说明 (SKILL.md)
Cloud-Local Bridge
让云端和本地 OpenClaw 实例无缝协同,支持自然语言配对、文件互通、命令远程执行。
核心特性
✅ 自然语言配对 - 不用记指令,像聊天一样说"我想连接云端" ✅ 跨通道配对 - QQ/微信/Telegram/邮件都能完成配对 ✅ 2步完成 - 像添加微信好友一样简单
⚡ 自然语言配对
直接发送自然语言
| 你发送 | 机器人回应 |
|---|---|
配对 |
收到配对码 |
我想连接云端 |
收到配对码 |
添加设备 |
收到配对码 |
配对 847291 |
配对成功 |
查看配对 |
显示已连接设备 |
帮助配对 |
显示帮助 |
支持的自然语言
发起配对:
配对、我要配对、想配对连接、连接云端、连接本地添加设备、添加云端、添加好友关联设备、互相关联pair、connect
确认配对:
配对 123456
查看状态:
查看配对、配对状态我的设备、设备列表
取消:
取消配对、删除设备
📱 配对流程
用户 A(本地) 用户 B(云端)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
1. 发送「我想连接云端」 (等待)
↓
2. 收到配对码: 847291
↓
3. 发送配给 B (接收配对码)
↓ 4. B 发送「配对 847291」
↓
5. ✅ 配对成功! ✅ 配对成功!
🚀 快速启动
cd /root/.openclaw/workspace/skills/cloud-local-bridge/scripts
# 启动 Bridge 服务
python3 bridge_server.py --port 8080 --token "xxx"
🔧 组件说明
| 文件 | 说明 |
|---|---|
qq_handler.py |
自然语言配对处理器 |
bridge_server.py |
Bridge 服务端 |
bridge_client.py |
Bridge 客户端 |
sync_files.py |
文件同步 |
💡 使用场景
场景1:QQ 配对
你:我想连接云端
机器人:📱 发起配对成功!配对码:847291
(你把配对码发给云端用户)
云端用户:配对 847291
机器人:🎉 配对成功!已连接本地电脑
场景2:跨平台配对
本地(QQ):配对 → 收到 582391 → 通过 QQ 发送给云端
云端(Telegram):发送配对请求到 API → 配对成功
📁 文件结构
cloud-local-bridge/
├── SKILL.md
├── scripts/
│ ├── qq_handler.py # 🆕 自然语言处理器
│ ├── bridge_server.py # 服务端
│ ├── bridge_client.py # 客户端
│ └── sync_files.py # 文件同步
└── references/
└── EXAMPLES.md
⚠️ 注意事项
- 配对码 10 分钟后过期
- 配对状态保存在
~/.openclaw/bridge_pairing_state.json - 确保网络互通
安全使用建议
This skill does what it says (bridge that lets cloud instruct a local OpenClaw), but it grants very powerful local rights: remote execution (subprocess.run with shell=True), arbitrary file read/write, and the ability to send execution results to arbitrary URLs (reply_to). Before installing/run:
- Only run this on machines you fully control and are willing to expose to a trusted cloud peer. Do NOT run on servers with sensitive data or elevated permissions.
- Treat the generated token as highly sensitive. Do not share pairing codes/tokens over untrusted channels. Inspect pairing messages to ensure the token is not being leaked to third parties.
- Restrict network access (bind to localhost or firewall to only allow specific IPs); prefer running behind VPN or SSH tunnel and use HTTPS where possible.
- Consider running the bridge inside a sandbox/container or a dedicated low-privilege user account to limit damage from malicious commands.
- Review the code yourself (or have a trusted party do so): look for any unwanted callbacks, unexpected endpoints, or additional behavior in truncated files.
- If you need more constrained behavior, modify the server to whitelist allowed commands and restrict file path access, or remove the 'reply_to' callback feature.
Given these findings, treat the skill as high-risk: usable for intended scenarios but only with strong operational controls and mutual trust between paired parties.
功能分析
Type: OpenClaw Skill
Name: cloud-local-bridge
Version: 1.0.1
The `scripts/bridge_server.py` component, which is central to this skill, allows authenticated clients to execute arbitrary shell commands via `subprocess.run(command, shell=True)` and perform arbitrary file read/write/upload/download operations on the host system. It also supports making outbound network requests to arbitrary URLs for callbacks. While these capabilities are part of the skill's stated purpose (remote command execution and file synchronization), they represent severe vulnerabilities (Remote Code Execution, arbitrary file access, potential data exfiltration) if the authentication token is compromised, making the skill highly risky. The `SKILL.md` does not contain malicious prompt injection, but describes the setup and usage of these powerful, high-risk features.
能力评估
Purpose & Capability
The name/description (bridge between cloud and local, pairing, command exec, file sync) matches the included code: server, client, pairing, sync and installer. Asking the user to run a local server with a token is coherent. However some implemented behaviors (automatic sharing of server+token during pairing, ability to read arbitrary local paths, and sending results to arbitrary callback URLs) are more powerful than the simple 'pairing' UX implies and should be considered high-risk by users.
Instruction Scope
SKILL.md instructs running the local server and examples show cloud-side scripts calling /execute and /file. The runtime code allows arbitrary shell commands (subprocess.run with shell=True), arbitrary file reads/writes/uploads/downloads, and will POST callbacks to attacker-controlled URLs (reply_to). The pairing handlers also automatically include the local server URL and token in pairing messages/state, which can leak credentials out-of-band. The instructions do not sufficiently warn about these powerful actions.
Install Mechanism
There is no registry install spec, but an included installer script will pip-install 'requests' and 'psutil' (typical PyPI packages). Using pip in the installer is expected for a Python skill, but installing packages without cryptographic verification is moderate risk. The installer also auto-generates tokens and writes config files in the user home. No remote binary downloads or obscure URLs were found.
Credentials
The skill requests no external environment variables or cloud credentials in metadata, which is proportionate. However the code creates and stores tokens/configs in ~/.openclaw and the pairing flow can expose those tokens to other parties (the QQ/qq_handler and pairing_core propagate server/token into pairing state and messages). The skill itself does not ask for unrelated credentials, but it does enable automatic disclosure of the local token to peers if pairing is completed carelessly.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes config and state into ~/.openclaw (persistent presence). Combined with autonomous invocation (platform default), the skill could be invoked to execute remote commands and access files; while this aligns with its purpose, it increases blast radius and requires the user to limit where the service runs and who receives pairing codes/tokens.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cloud-local-bridge - 安装完成后,直接呼叫该 Skill 的名称或使用
/cloud-local-bridge触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Bug fixes and improvements
v1.0.0
Initial release - 云端本地双向桥接
元数据
常见问题
Cloud-Local Bridge 是什么?
实现云端 OpenClaw 与本地 OpenClaw 之间的双向通信桥接。支持自然语言配对、命令执行、文件同步。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 500 次。
如何安装 Cloud-Local Bridge?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cloud-local-bridge」即可一键安装,无需额外配置。
Cloud-Local Bridge 是免费的吗?
是的,Cloud-Local Bridge 完全免费(开源免费),可自由下载、安装和使用。
Cloud-Local Bridge 支持哪些平台?
Cloud-Local Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Cloud-Local Bridge?
由 默水(@84191879)开发并维护,当前版本 v1.0.1。
推荐 Skills