功能描述

Use this skill whenever an AI agent needs to share files, export results, upload outputs, or send data to its owner. Securely uploads files from the agent's...

使用说明 (SKILL.md)

Agent-to-Owner File Bridge

Name: Agent-to-Owner File Bridge
Author: mrbeandev

Upload files from an agent's workspace and generate a download/preview URL for the owner. The bridge server is open-source, self-hosted, and all sensitive steps require explicit user permission.

GitHub Repository: https://github.com/mrbeandev/OpenClaw-File-Links-Tool

🔒 Permissions & Security Boundaries

This skill has two modes. Both require the user to explicitly choose and approve before any action is taken:

Action	Who approves	Scope
Running `server.py`	User must say "yes, start it"	Agent's own workspace only
Opening a public tunnel	User must say "yes, expose it"	Temporary, agent-session-scoped
Generating & storing API key	User must say "yes, generate it"	`.env` in agent's workspace
Uploading a file	User must confirm file + destination	Named file, single upload

The agent never initiates any of these actions silently. Every step is gated by an explicit user confirmation.

🛠 Setup

The bridge server is a single open-source PHP or Python file deployed by the user on their own infrastructure.

Option A — PHP (recommended for shared hosting)

Place index.php on any PHP host.
Set API_KEY in a .env file.
Note the URL and key.

Option B — Python (VPS / local machine)

pip install flask then python server.py.
Set API_KEY in .env.
Note the URL and key.

Once set up, give the agent your Server URL and API Key — no further setup needed.

🤖 Agent Workflow

When the user asks to upload or share a file:

Check for Bridge: Is a Server URL and API Key already configured in this session? If yes, skip to step 4.
Onboarding: Ask the user exactly one question:
"I can help you share files. How would you like to handle the hosting?
1. Manual Mode (recommended): You already have a server — give me the URL and API Key and I'll upload right away.
2. Autonomous Mode: I'll set up a temporary local bridge in my workspace and open a public tunnel. This requires your permission at each step."
Autonomous Mode (only if user explicitly chooses it):

Step 3a — Get user confirmation before starting:

"To run the bridge server I will: (1) copy server.py from the open-source repo, (2) generate an API key and save it to .env in my workspace, (3) start the server on port 5000. May I proceed?"
- Only proceed if the user says yes.
Step 3b — Get user confirmation before opening the tunnel:

"To make the server reachable I will open a temporary public tunnel (via localtunnel or localhost.run). This creates a public URL pointing at my local port 5000. The link expires when my session ends. May I open the tunnel?"
- Only proceed if the user says yes.
- After tunnel is open, tell the user: "The tunnel URL is [URL]. This link is temporary and will stop working when this session ends."
Upload:
- POST the file to the server URL with X-API-Key header and file form-data field.
- The JSON response contains url (direct download) and view_url (rich in-browser viewer).
- Give the user view_url for text, code, images, and ZIPs — it renders content instantly in the browser.
- Give url for binary files or when a raw download link is requested.

📋 API Reference

Endpoint	Method	Action
`/`	`POST`	Upload a file (`file` form-data field)
`/?action=list`	`GET`	List all uploaded files
`/?action=view&file=...`	`GET`	Rich viewer (ZIP: add `&inner_file=path`)
`/?action=delete`	`POST`	Delete files (JSON: `{"files": ["name..."]}`)

Authentication: X-API-Key request header on all endpoints.

📎 Bundled Reference

See api_instructions.txt for a concise API cheat-sheet with curl examples.

安全使用建议

This tool can be useful, but proceed cautiously. Prefer Manual Mode: host the bridge on infrastructure you control and only give the agent the Server URL and API key. If you consider Autonomous Mode: (1) review the linked GitHub repository and the exact server.py/index.php source before allowing the agent to fetch or run it, (2) do not approve running the server or opening a public tunnel unless you understand the exposure (public tunnels make the agent workspace reachable over the Internet), (3) avoid uploading sensitive secrets or credentials through the bridge, (4) require HTTPS and proper server-side checks on your hosted endpoint, and (5) if you must use an API key created by the agent, rotate and delete it after the session. The metadata mismatch about required env vars is also worth clarifying with the skill author before trusting the skill.

功能分析

Type: OpenClaw Skill Name: file-links-tool Version: 3.0.2 This skill facilitates data exfiltration and remote access by instructing the agent to run a local web server and expose it to the public internet via tunneling services like localtunnel or localhost.run. It also directs the agent to download and execute external code (server.py) from a GitHub repository (github.com/mrbeandev/OpenClaw-File-Links-Tool). While the instructions in SKILL.md emphasize obtaining explicit user consent for these high-risk actions, the combination of remote code execution and public network exposure creates a significant attack surface and a mechanism for unauthorized data transfer.

能力评估

ℹ Purpose & Capability

The name and description match the instructions: the skill is meant to upload files to a bridge server and return links. However registry metadata claims 'no required env vars' while SKILL.md documents API_KEY and SERVER_URL as required in practice — that mismatch should be resolved. Requiring a server URL and API key is reasonable for this purpose, but the need to copy/run server.py from a remote repo (not included) is an additional capability not obvious from the registry metadata.

⚠ Instruction Scope

The SKILL.md instructs the agent to fetch/copy server.py from the referenced GitHub repo, generate and write an API key to .env in the agent workspace, run the server, and optionally open a public tunnel. Those actions let the agent fetch and execute remote code and expose a local service to the public — all sensitive operations. The document relies on explicit user confirmations for each step, but that is an instruction-level guard (not a platform-enforced guarantee).

⚠ Install Mechanism

There is no install spec or bundled server code; the agent is expected to pip install flask and pull server.py from the repo at runtime. That requires executing code fetched from a third party (GitHub) in the agent workspace. Running unvetted code and opening tunnels increases risk compared to an instruction-only skill that performs only local actions.

ℹ Credentials

Requesting API_KEY and SERVER_URL is proportional to a file-upload bridge. But the registry metadata lists no required env vars while SKILL.md documents them, creating an incongruity. The SKILL.md's recommendation to generate and store API keys in .env in the agent workspace is functional but has confidentiality implications (secrets stored on the agent side); rotating/deleting keys after the session is recommended.

ℹ Persistence & Privilege

The skill does not request always:true and uses the normal autonomous-invocation model. The bigger concern is that autonomous invocation plus the ability to fetch/execute a server and open public tunnels widens the blast radius if approvals are not strictly enforced by the user. The SKILL.md says every step requires explicit approval, but that is an instruction-level constraint, not an enforced platform guarantee.

版本历史

v3.0.2

- Added env section specifying API_KEY and SERVER_URL environment variables, with detailed usage and guidance. - Bumped version to 3.0.2. - No changes to core functionality or workflow.

v3.0.1

**Agent-to-Owner File Bridge 3.0.1 Changelog** - Added requirement for explicit user approval before all key actions in autonomous mode (server start, tunnel opening, API key generation). - Clarified compatibility requirements and security boundaries in SKILL.md. - Refined setup and onboarding instructions for both manual and autonomous modes. - Updated API usage reference and included mention of bundled API cheat-sheet. - Improved overall documentation clarity regarding user control and permission gating.

v3.0.0

Version 3.0.0 (Agent-to-Owner File Bridge) - Major redesign: Enables secure file uploads from the agent’s private workspace to a user-hosted or agent-hosted bridge server, generating direct download and preview links. - Introduces both “Autonomous Mode” (agent runs its own temporary bridge server) and “Manual Mode” (user provides server credentials) for flexible setup. - Adds clear onboarding and minimal user interaction, automatically handling server setup or credentials prompt. - Supports various file types, instant previews, and simple API endpoints for upload, viewing, and deletion. - Includes detailed instructions for both users and agents, with links to setup resources.

v1.0.9

- Added support for `view_url` in upload responses, enabling instant file previews (text, code, images, ZIPs) via a viewer link. - Updated agent instructions to deliver `view_url` by default, with fallback to direct download link (`url`) for binaries or when explicitly requested. - Documented the new `/view` API endpoint, supporting rich content viewing and ZIP file deep-linking.

v1.0.8

- Added "Agent-to-Owner File Bridge" skill for securely uploading files from an AI workspace and sharing direct download links with the user. - Provides onboarding for bridge server setup in either Autonomous (self-hosted by agent) or Manual (user-hosted) modes. - Includes step-by-step setup instructions and usage flows for both modes. - Supplies API endpoint documentation for file upload, file listing, and batch deletion actions.

元数据

Slug file-links-tool

版本 3.0.2

许可证 —

累计安装 2

当前安装数 2

历史版本数 5

常见问题