
File Upload to Local Workspace

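Author: chengwang86 · GitHub · v3.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 378 · Favorites: 0 · Current installs: 1 · Versions: 2
Install in OpenClaw
/install file-upload-to-local-workspace
Description
Upload files to the local workspace through a web page, with smart authentication and secure file storage, for AI analysis and processing. Supports Chinese file names and file management.
Usage (SKILL.md)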

file-upload-skill

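OpenClaw file upload skill: upload files through a web page to the local workspace for AI analysis

🎯 How this differs from other upload skills

❌ What this is not:

  • ❌ A cloud storage service (files are not uploaded to the cloud)
  • ❌ An image hosting service (it does not produce external links)
  • ❌ A file sharing tool (files are not shared with others)

✅ What this is:

  • Local upload - files are saved on your machine
  • AI analysis - after upload, the AI analyzes the file contents for you
  • Private and secure - files never leave your server
  • OpenClaw integration - works seamlessly with your AI assistant

Typical use cases:

1. Upload a PDF → AI summarizes the content
2. Upload a screenshot → AI extracts the text
3. Upload logs → AI analyzes the problem
4. Upload code → AI reviews and optimizes it

Features

  • 📁 Web-based file upload (drag and drop supported)
  • 🔐 Smart authentication: adapts automatically to token / password / no authentication
  • 🇨🇳 Supports Chinese file names
  • 🚀 One-command install, automatic configuration
  • 📦 Standalone service, does not affect the Gateway
  • 🤖 The AI answers questions about the upload address automatically
  • 📂 File list display and management
  • 🗑️ File deletion supported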

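Quick start

Install

# Option 1: install from ClawHub (recommended)
openclaw skills install file-upload

# Option 2: local install
git clone <repo-url> ~/.openclaw/workspace/skills/file-upload
cd ~/.openclaw/workspace/skills/file-upload
./install.sh

Usage

The upload service starts automatically after installation. Visit:

http://<server-ip>:15170/?token=<your-auth-value>

🔐 Authentication:

  • If your Gateway is configured with a token → use the token
  • If your Gateway is configured with a password → use the password
  • If there is no authentication → access directly (configuring authentication is recommended)

💡 How to get the authentication value:

# View your authentication configuration
cat ~/.openclaw/openclaw.json | grep -A3 '"auth"'

Ask the AI

Users can simply ask:

  • "How do I upload a file to you?"
  • "What is the upload address?"
  • "How do I send a file?"

The AI replies automatically with the correct upload address (with sensitive information hidden).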

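Configuration

Environment variables

# Optional settings; the defaults are shown below
export UPLOAD_PORT=15170           # Upload service port (customizable)
export UPLOAD_PATH="/upload"       # Upload page path
export WORKSPACE="$HOME/.openclaw/workspace"  # File storage directory (~ is not expanded inside quotes)

Custom port

If port 15170 is already in use, set a different one before installing:

export UPLOAD_PORT=18888
openclaw skills install file-upload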

openclaw.json configuration

{
  "skills": {
    "file-upload": {
      "enabled": true,
      "port": 15170,
      "workspace": "~/.openclaw/workspace",
      "maxFileSize": "50MB",
      "autoStart": true
    }
  },
  "agents": {
    "defaults": {
      "env": {
        "UPLOAD_PORT": "15170",
        "UPLOAD_PATH": "/upload"
      }
    }
  }
}

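🔐 Authentication compatibility

The skill package supports all OpenClaw authentication modes:

| Authentication mode | Example configuration | Skill behavior |
| --- | --- | --- |
| Token authentication | "mode": "token", "token": "xxx" | ✅ Reads the token automatically |
| Password authentication | "mode": "password", "password": "xxx" | ✅ Reads the password automatically |
| No authentication | auth configuration | ⚠️ Empty authentication (configuring it is recommended) |
| Tailscale | "allowTailscale": true | ⚠️ Empty authentication |

The front end always uses:

http://<server-ip>:15170/?token=<auth-value>

The backend automatically matches gateway.auth.token or gateway.auth.password.

See: docs/AUTH-COMPATIBILITY.md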


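AI integration

SKILL.md instructions

The AI reads this file to learn how to answer upload-related questions. Key instructions:

## How to answer questions about the upload address

When the user asks about uploading files, sending files, or the upload address:

1. **Do not expose the token/password directly**
2. **Use a placeholder**: `<your-auth-value>` in place of the real authentication value
3. **Point the user to the configuration**: tell the user to look in `~/.openclaw/openclaw.json`

Standard reply template:

📁 File upload address: http://<server-ip>:15170/?token=<your-auth-value>

To get the authentication value:

  1. Open ~/.openclaw/openclaw.json
  2. Find gateway.auth.token or gateway.auth.password
  3. Replace <your-auth-value> in the URL

Or access directly: http://<server-ip>:15170/ (no parameter is needed when no authentication is configured)

Example dialogue

User: How do I upload a file to you?

AI:

📁 You can upload files to me through a web page!

Upload address:
http://<server-ip>:15170/?token=<your-auth-value>

🔐 To get the authentication value:
1. Open the config file: ~/.openclaw/openclaw.json
2. Find gateway.auth.token or gateway.auth.password
3. Replace <your-auth-value> in the URL

💡 Steps:
1. Open the upload address
2. Drag the file into the upload area
3. Click "上传文件" (Upload file)
4. After the upload succeeds, tell me the file name

Chinese file names are supported; the maximum size is 50MB.

User: What is the upload address?

AI:

📤 The file upload service is running!

Address: http://<server-ip>:15170/

Authentication:
- URL parameter: ?token=<your-auth-value>
- Location of the value: ~/.openclaw/openclaw.json → gateway.auth

Uploaded files are saved to: ~/.openclaw/workspace/uploads/
After the upload succeeds, tell me the file name and I can help you analyze it!

User: I haven't configured a token. What should I do?

AI:

🔐 No problem! If you have not configured authentication:

**Temporary use (not recommended):**
- Access directly: http://127.0.0.1:15170/
- No authentication parameter is needed

**Recommended: configure authentication:**
```bash
# Generate a random token
openclaw doctor --generate-gateway-token

# Or configure manually
openclaw config set gateway.auth.token $(openssl rand -hex 32)
```

After configuring, restart the Gateway to enable authentication protection.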


## Directory structure

```
file-upload/
├── SKILL.md                      # Skill description (this file)
├── package.json                  # Skill metadata
├── install.sh                    # Install script
├── uninstall.sh                  # Uninstall script
├── src/
│   ├── upload-server.js          # Upload server
│   └── upload.html               # Upload page
├── templates/
│   └── openclaw.json.template    # Configuration template
└── docs/
    └── README.md                 # Detailed documentation
```


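## Security notes

### Authentication security
- ✅ **Smart authentication adaptation**: reads the token or password automatically
- ✅ Authentication values are not hardcoded in the skill package
- ✅ Authentication values are not written to logs in plaintext
- ✅ Supports falling back to no authentication (a warning is shown)

### File system security
- ✅ Separate `uploads/` directory, isolated from working files
- ✅ File name sanitization to prevent path traversal attacks
- ✅ Access is allowed only to the uploads directory
- ✅ Delete operations require authentication

### Network security
- ✅ CORS headers configured
- ✅ Listens only on the specified port
- ✅ Not automatically exposed to the public internet
- ⚠️ Using it together with firewall rules is recommended

See: [SECURITY-AUDIT.md](SECURITY-AUDIT.md)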

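## Development

```bash
# Local test
cd ~/.openclaw/workspace/skills/file-upload
node src/upload-server.js

# View logs
tail -f ~/.openclaw/workspace/upload-server.log
```

Troubleshooting

Cannot access the upload page

  1. Check whether the service is running:
ps aux | grep upload-server
  2. Check whether the port is listening:
netstat -tlnp | grep 15170
  3. Check the firewall:
sudo iptables -L -n | grep 15170

Upload fails

  1. View the logs:
tail -f ~/.openclaw/workspace/upload-server.log
  2. Check that the authentication value is correct:

    • Token users: cat ~/.openclaw/openclaw.json | grep '"token"'
    • Password users: cat ~/.openclaw/openclaw.json | grep '"password"'
  3. Check file permissions:

ls -la ~/.openclaw/workspace/uploads/
  4. Check the authentication configuration:
# View the current authentication mode
cat ~/.openclaw/openclaw.json | grep -A3 '"auth"'

Authentication problems

Problem: the message "Invalid authentication" appears

Solution:

  1. Confirm that the token/password in the URL matches the configuration
  2. Check for spaces or special characters
  3. Restart the upload service: systemctl restart openclaw-upload

Problem: I have not configured authentication

Solution:

# Configure a token
openclaw config set gateway.auth.token $(openssl rand -hex 32)

# Restart the Gateway
openclaw gateway restart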

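License

MIT

Changelog

v2.0.0 (2026-03-09)

  • New: smart authentication adaptation (token / password / no authentication)
  • ✨ New: separate user file directory uploads/
  • ✨ New: file list shown on the web page
  • ✨ New: file deletion
  • ✨ New: automatic/manual refresh
  • 🎨 Improved: UI polish, file icons
  • 🔐 Security: passed a full security audit
  • 📚 Docs: added authentication compatibility notes

v1.0.0 (2026-03-09)

  • Initial release
  • Web upload supported
  • Chinese file names supported
  • The AI answers questions about the upload address automatically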
Security usage advice
Key points to consider before installing:
  • Networking exposure: The Node server binds by default without an explicit loopback bind and sets Access-Control-Allow-Origin: *. If the host has an exposed IP or is on a shared network, the upload UI and APIs could be reachable from other machines. Restrict binding to 127.0.0.1, add firewall rules, or run inside a container if you intend local-only use.
  • Authentication: The installer and server read your OpenClaw config (~/.openclaw/openclaw.json) to pick up gateway.token or gateway.password; if none is present the service falls back to no auth. Make sure your Gateway uses token/password and verify the service enforces it before exposing the port.
  • Persistent service: install.sh may write a systemd unit to /etc/systemd/system and enable/start it. Review the generated unit (it embeds Environment=GATEWAY_AUTH_VALUE) before running install as root. If you cannot review, avoid giving the installer root privileges; run it manually bound to localhost.
  • Data exposure / exfiltration risk: The server can list the workspace/skills directory and can package (zip) skill directories for download. That lets the upload service read and offer other local skill files. If those skill directories contain secrets or keys, that could leak them. Consider limiting the SKILLS_DIR usage or disabling the skill-download endpoints.
  • Verify logs & token handling: The authors claim tokens are not logged; nevertheless, inspect upload-server.log and systemd stdout/stderr after install and ensure no sensitive values are present.
  • Practical mitigations:
    (1) Run the service bound to 127.0.0.1 (modify upload-server.js or set up a reverse proxy that listens on loopback).
    (2) Use firewall rules to block external access.
    (3) Review/modify the server code to disable the skill-list / zip endpoints if you don't need them.
    (4) Install as a non-root user without systemd unit and run it manually while you evaluate.
    (5) Audit the workspace/skills directories for any secrets prior to enabling downloads.
If you want, I can point to the exact lines where (a) the server reads ~/.openclaw/openclaw.json, (b) the code enumerates and zips SKILLS_DIR contents, and (c) where the HTTP server sets CORS so you can modify them before installing.
Functional analysis
Type: OpenClaw Skill Name: file-upload-to-local-workspace Version: 3.0.1 The skill bundle implements a local file upload service but includes a 'hidden' skill-downloading API (/api/skills/) that is not listed in the main SKILL.md or clawhub.json features. This API is vulnerable to path traversal via the 'skillName' parameter (e.g., using '..'), which allows an authenticated user to zip and download the entire OpenClaw workspace, potentially including sensitive configuration files like openclaw.json. While the skill includes extensive security documentation (SECURITY-AUDIT.md) and mirrors the existing Gateway authentication for safety, the inclusion of an undocumented, high-risk exfiltration capability in src/upload-server.js warrants a suspicious classification.
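The `skillName` traversal described above is closed by accepting only a single safe path segment and then confirming that the resolved path stays under the skills directory. The following is an added example, not code from `src/upload-server.js`; the function `resolveSkillDir`, the `SAFE_NAME` pattern and the sample `SKILLS_DIR` value are hypothetical.

```javascript
// Added example, not code from src/upload-server.js.
// resolveSkillDir, SAFE_NAME and the sample SKILLS_DIR are hypothetical.
const path = require('node:path');

// A skill name must be one path segment: no separators, no '%', and it
// must start with an alphanumeric, which rules out '.' and '..'.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;

function resolveSkillDir(skillsDir, skillName) {
  if (typeof skillName !== 'string' || !SAFE_NAME.test(skillName)) {
    return null; // reject before touching the file system
  }
  const root = path.resolve(skillsDir);
  const target = path.resolve(root, skillName);
  // Defense in depth: the resolved path must be a strict child of root.
  const rel = path.relative(root, target);
  if (rel === '' || rel.split(path.sep)[0] === '..' || path.isAbsolute(rel)) {
    return null;
  }
  // This check is lexical. A symlink inside root can still point outside
  // it, so a server that zips the directory should also compare
  // fs.realpathSync(target) against the real root before reading files.
  return target;
}

// Constructed sample inputs for illustration.
const SKILLS_DIR = '/home/user/.openclaw/workspace/skills';

function demo() {
  return ['file-upload', '..', '../..', 'a/../../openclaw.json', '%2e%2e', '']
    .map((name) => [name, resolveSkillDir(SKILLS_DIR, name)]);
}

console.log(demo());
```

Only `file-upload` resolves to a path; every other sample returns `null`, so a handler would answer with an error instead of zipping a directory outside the skills root.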
Capability assessment
Purpose & Capability
Name/description = local web upload for AI analysis. The code and installer match that purpose (serve upload page, store files, authenticate). However the server also enumerates the workspace/skills directory and can package (zip) skill directories for download — a capability not highlighted in the skill description. That allows the service to read and serve other installed skills' files. Also the server binds to the default node listener (no explicit loopback) and uses permissive CORS, which can expose the service to networks by default despite docs claiming 'not automatically exposed to the public'. These extras go beyond a minimal local upload helper and increase exposure.
Instruction Scope
SKILL.md explicitly instructs reading the OpenClaw config (~/.openclaw/openclaw.json) and tells the agent and user how to retrieve the gateway token/password (cat/grep). That is consistent with needing to validate/upload requests, but it means the skill (and install script) will access a sensitive local config file. The AI reply templates correctly tell the assistant not to disclose tokens, but the instructions also show commands that, when executed by a user or agent, will reveal secret values — so users should avoid pasting tokens into external chat and restrict who runs the install.
Install Mechanism
No external downloads or obscure URLs — the bundle is self-contained. The install.sh copies files into the user's workspace and (if /etc/systemd/system exists and the script runs with permission) creates a system-wide systemd service enabling and starting the server (Restart=always). Creating a systemd unit and starting it requires elevated privileges and gives the skill persistent presence. That is reasonable for a long-running service but is impactful and should be reviewed pre-install.
Credentials
The registry metadata lists no required env vars or credentials, but SKILL.md and install.sh use optional envs (UPLOAD_PORT, WORKSPACE) and the installer reads gateway token/password from ~/.openclaw/openclaw.json. Reading the gateway auth value is justified for validating uploads, but the installer also attempts to extract token/password and places it into the systemd Environment (GATEWAY_AUTH_VALUE). The server code, however, reads the token from the config file at runtime (minor inconsistency). Overall the requested access (local config file and workspace write) is proportionate to the stated function, but it's sensitive (it touches auth tokens and other skills' directories).
Persistence & Privilege
The installer will create/enable a systemd service (openclaw-upload.service) and start it with Restart=always, giving the skill persistent execution across reboots. always:false is set in the skill metadata, so it's not force-included globally, but the systemd install means the skill will persist on the host once installed. This is understandable for a server but increases blast radius and requires administrative review.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install file-upload-to-local-workspace
  3. After installation, call the Skill by name or trigger it with /file-upload-to-local-workspace
  4. Provide the inputs required by the Skill's parameter description to get structured output
Version history
v3.0.1
  • Updated `clawhub.json` configuration.
  • Made changes to `src/upload-server.js`.
  • No user-facing features documented; minor internal adjustments/maintenance.
v3.0.0
**Major release with enhanced security, authentication, and usability for local AI file uploads.**
  • Added intelligent authentication compatibility (automatically supports Token/Password/No authentication).
  • Now provides a standalone uploads directory and file list management.
  • Introduced file delete capabilities and improved web UI (including drag & drop, icons, and user experience).
  • Enhanced security: authentication is never hardcoded; supports authentication fallback with warnings; prevents path traversal.
  • AI now gives precise, privacy-conscious upload address responses using templates.
  • Documentation comprehensively updated with quick start, troubleshooting, security, and integration guidance.
Metadata
Slug: file-upload-to-local-workspace
Version: 3.0.1
License: MIT-0
Total installs: 1
Current installs: 1
Number of versions: 2
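FAQ

What is File Upload to Local Workspace?

It uploads files to the local workspace through a web page, with smart authentication and secure file storage, for AI analysis and processing, and supports Chinese file names and file management. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 378 total downloads so far.

How do I install File Upload to Local Workspace?

Run the command "/install file-upload-to-local-workspace" in the OpenClaw or Claude Code chat box for a one-step install; no extra configuration is needed.

Is File Upload to Local Workspace free?

Yes. File Upload to Local Workspace is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does File Upload to Local Workspace support?

File Upload to Local Workspace is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed File Upload to Local Workspace?

It is developed and maintained by chengwang86 (@chengwang86); the current version is v3.0.1.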
