Total downloads: 1413
Favorites: 0
Current installs: 14
Versions: 1
Install in OpenClaw
/install file-browser
Description
Read-only file browsing and reading in the OpenClaw workspace (/home/alfred/.openclaw/workspace). Use for listing directories or reading text files (up to 10...
Usage instructions (SKILL.md)
File Browser Skill
Quick Start
Resolve all paths relative to WORKSPACE=/home/alfred/.openclaw/workspace. Sanitize inputs to prevent escapes or absolutes.
- To list directory: exec("scripts/list_files.sh", [rel_path]) → JSON {success: bool, data: array of names, error: string}
- To read file: exec("scripts/read_file.sh", [rel_path]) → JSON {success: bool, data: string (text content), error: string}
- Handle errors: For binary/large/non-text files, return error JSON.
Step-by-Step Workflow
- Parse user query for action (list/read) and relative path.
- Call appropriate script with sanitized rel_path.
- Parse JSON output; respond to user with results or error message.
- If path invalid or outside workspace, reject immediately.
Safety Guidelines
- Enforce read-only: No writes, deletes, or exec beyond scripts.
- Log accesses if verbose mode enabled.
- For large files (>10k chars), truncate or summarize.
Edge Cases
- Empty path: Default to "." (workspace root).
- Binary file: Return error "Non-text file".
- See references/examples.md for more (if added).
Bundled Resources
- scripts/list_files.sh: Bash wrapper for ls.
- scripts/read_file.sh: Bash wrapper for cat with limits.
Security recommendations
This skill generally does what it says, but do not install blindly: the scripts allow symlink traversal (a file inside the workspace that is a symlink could let the skill read files outside the workspace) and build JSON by directly embedding filenames and file contents without proper escaping (filenames or file contents with quotes/newlines/backslashes can corrupt JSON or be abused). Recommended mitigations before use: 1) resolve and verify the absolute path (e.g., realpath or readlink -f) and ensure it has the workspace prefix to block symlink/outside reads; 2) refuse to follow symlinks or explicitly check for and reject symlinks if you want strict confinement; 3) produce JSON safely (use a JSON encoder such as jq, Python's json.dumps, or printf with proper escaping) rather than interpolating raw data; 4) harden filename handling (handle newlines and quotes, or return names via null-separated output); and 5) validate parsed JSON before using results. If you cannot patch the scripts, consider running the skill in a restricted environment or rejecting it. Confidence is medium — code is small and readable, but the above issues are real and should be fixed before trusting the skill with sensitive workspace contents.
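The first and third mitigations above (resolve the real path and check it against the workspace; build JSON with an encoder), sketched in Python as an added example. It is not the skill's own code, which is Bash: the function names, the "Invalid path" error string and the constructed temporary workspace are assumptions.

```python
# Added example; names and error strings are assumptions, not the skill's code.
import json
import os
import tempfile

MAX_CHARS = 10_000  # the skill's stated size limit for text files

def _reply(success, data, error=""):
    # json.dumps escapes quotes, backslashes and newlines in names and contents.
    return json.dumps({"success": success, "data": data, "error": error})

def resolve_in_workspace(workspace, rel_path):
    """Return the fully resolved path, or None if it leaves the workspace."""
    if os.path.isabs(rel_path):
        return None
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, rel_path or "."))
    # Compare after symlink resolution, so a link pointing outside fails here.
    return target if os.path.commonpath([root, target]) == root else None

def list_files(workspace, rel_path):
    target = resolve_in_workspace(workspace, rel_path)
    if target is None or not os.path.isdir(target):
        return _reply(False, [], "Invalid path")
    return _reply(True, sorted(os.listdir(target)))

def read_file(workspace, rel_path):
    target = resolve_in_workspace(workspace, rel_path)
    if target is None or not os.path.isfile(target):
        return _reply(False, "", "Invalid path")
    try:
        with open(target, encoding="utf-8") as fh:
            return _reply(True, fh.read(MAX_CHARS))
    except UnicodeDecodeError:
        return _reply(False, "", "Non-text file")

def demo():
    """Constructed workspace: one hostile filename, one symlink to an outside file."""
    with tempfile.TemporaryDirectory() as base:
        ws = os.path.join(base, "workspace")
        os.mkdir(ws)
        with open(os.path.join(base, "outside.txt"), "w") as fh:
            fh.write("outside the workspace")
        hostile = 'a", "success": false, "x": "\n.txt'
        with open(os.path.join(ws, hostile), "w") as fh:
            fh.write('say "hi"\\ and\nnewline')
        os.symlink(os.path.join(base, "outside.txt"), os.path.join(ws, "link.txt"))
        return hostile, [list_files(ws, ""), read_file(ws, hostile),
                         read_file(ws, "link.txt"), read_file(ws, "../outside.txt")]
```

The path check and the open are separate steps, so a workspace that another process can modify concurrently still leaves a race window between them.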
Functional analysis
Type: OpenClaw Skill
Name: file-browser
Version: 1.0.0
The skill provides file browsing and reading capabilities within a restricted workspace, but it contains a vulnerability in the manual construction of JSON responses in 'scripts/list_files.sh' and 'scripts/read_file.sh'. Because file contents and filenames are not escaped before being inserted into the JSON string, a file containing double quotes or JSON-like structures could cause the agent to misinterpret the output, leading to indirect prompt injection. While the path sanitization correctly checks for '..' and absolute paths, the improper output encoding is a flaw that could be exploited to manipulate the agent's behavior.
Capability assessment
Purpose & Capability
Name, description, SKILL.md, and included scripts align: the skill only lists and reads files under /home/alfred/.openclaw/workspace and declares no extra dependencies or credentials.
Instruction Scope
SKILL.md restricts to relative paths and read-only operations and the scripts generally enforce these checks, but the scripts do not prevent symlink traversal (a workspace-file that is a symlink can point outside the workspace) and they emit JSON by interpolating raw filenames/file contents without escaping, which can break parsing or enable JSON injection. There is no handling for filenames containing quotes, newlines, or other special characters.
Install Mechanism
No install spec; instruction-only with two small scripts. No external downloads or package installs are performed.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate to a read-only file browser.
Persistence & Privilege
Skill is not always-enabled and uses normal invocation. It does not request elevated or persistent privileges.
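How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the dialog: /install file-browser
- Once installation completes, call the Skill by name or trigger it with /file-browser
- Provide the required input as described in the Skill's parameter notes to get structured output.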
Version history
v1.0.0
Version 1.0.0
- Major update: Introduces a new read-only file browsing skill for the OpenClaw workspace.
- Adds scripts for listing directories and reading text files within the workspace.
- Skill description and usage instructions now reflect security restrictions and available actions.
- Old SKILL.md and broader file management functionality removed; focus narrowed to basic browse and read operations only.
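FAQ
What is file-browser?
Read-only file browsing and reading in the OpenClaw workspace (/home/alfred/.openclaw/workspace). Use for listing directories or reading text files (up to 10... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1413 cumulative downloads to date.
How do I install file-browser?
Run the command "/install file-browser" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is needed.
Is file-browser free?
Yes, file-browser is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does file-browser support?
file-browser is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed file-browser?
It is developed and maintained by Nagilem (@nagilem); the current version is v1.0.0.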