功能描述

Query and manage FileWave UEM device inventory, perform filtered searches, view device hierarchy, and run fleet analytics via the REST API.

使用说明 (SKILL.md)

FileWave UEM API Skill

Name: Filewave
Author: jlevitsk

Query and manage FileWave UEM device inventory via REST API.

⚠️ Disclaimer: This skill is a technology demonstration of Agentic Endpoint Management (AEM) — the concept of AI agents interacting directly with UEM platforms to assist IT administrators. It is provided as-is for educational purposes to explore what's possible when AI meets endpoint management. Neither the author nor FileWave accepts any liability for the use, misuse, or consequences of running this skill against production or any other environment. Use at your own risk. Always test in a lab environment first and review any actions before applying them to production systems.

Overview

FileWave is a unified endpoint management platform for macOS, Windows, ChromeOS, Android, tvOS, iPadOS, and iOS. This skill provides programmatic access to device inventory and status information.

Licensing

FileWave ( https://www.filewave.com ) offers flexible deployment options:

Community Edition — Free, manages up to 15 computers + 15 mobile devices
- Good for testing and small deployments
- All API capabilities available
- No advanced features (deployments, policies, MDM commands)
Commercial License — More than 15 devices with advanced features
- TeamViewer Remote Control
- Deployment management, policy enforcement, MDM commands
- Technical support

This skill works with both licensing models.

Setup

Prerequisites

FileWave server hostname/DNS
FileWave API token (from FileWave Central → Manage Administrators → API Token)

Configuration

Setup is interactive via filewave setup:

filewave setup

This creates ~/.filewave/config with your server profiles. Credentials are stored securely (chmod 600, never hardcoded in scripts).

For CI/CD environments, use environment variables:

export FILEWAVE_SERVER="filewave.company.com"
export FILEWAVE_TOKEN="your_api_token_here"

Never hardcode tokens in scripts or documentation.

Usage

Basic Commands

# Setup profiles (first time)
filewave setup

# List configured servers
filewave profiles

# Query inventory
filewave query --query-id 1

# Query with filter
filewave query --query-id 1 --filter "last_seen > 30 days"

# Search for devices (now returns multiple matches)
filewave device-search "iPad"

# Find all devices by product type (authoritative hardware lookup)
filewave find-devices iPad
filewave find-devices iPhone

# View device hierarchy and groups
filewave hierarchy 123

# Trigger a Model Update
filewave update-model

# Fleet analytics
filewave insights --type platform
filewave insights --type stale --days 30

# Cache management
filewave warm-cache
filewave cache-status

# Bulk device updates (school workflow)
filewave bulk-template --output ~/devices.csv
filewave bulk-update --csv ~/devices.csv

# Session comparison
filewave query --query-id 1 --reference lab
filewave query --query-id 1 --profile production --reference prod
filewave compare lab prod

API Architecture

Multi-Server Support: Configure multiple FileWave servers (lab, production, test) with named profiles.

Key Endpoints Used

GET /api/inv/api/v1/query_result/{query_id} — Query device inventory
GET /filewave/api/devices/v1/devices/{id} — Device details
GET /filewave/api/devices/internal/devices/{id}/groups — Device group memberships
PATCH /filewave/api/devices/v1/devices/{id} — Update device (name, auth user)
POST /filewave/api/fwserver/update_model — Refresh model after bulk updates

Available Device Fields (per Inventory Query)

You configure which fields to include in your Inventory Query:

Device name, model, serial number, UDID/IMEI
OS name, version, build
Last checkin timestamp
Enrollment date, user assignment
Device group, management status, compliance state
And 50+ more fields (configurable)

Platforms Supported

macOS
Windows
ChromeOS
Android
iOS
iPadOS
tvOS

Example Queries

# Query from Inventory Query (returns all devices)
filewave query --query-id 1

# Filter devices not seen in 30+ days
filewave query --query-id 1 --filter "last_seen > 30 days"

# Get JSON format for scripting
filewave query --query-id 1 --format json

# Multiple filters (AND logic)
filewave query --query-id 1 \
  --filter "last_seen > 30 days" \
  --filter "platform = iOS"

# Compare lab vs production
filewave query --query-id 1 --profile lab --reference lab_inventory
filewave query --query-id 1 --profile prod --reference prod_inventory
filewave compare lab_inventory prod_inventory

Authentication

FileWave API uses Bearer token authentication:

Authorization: Bearer \x3Ctoken>

Response Format

FileWave Inventory Queries return column-oriented data:

{
  "offset": 0,
  "fields": [
    "Client_device_name",
    "OperatingSystem_name",
    "OperatingSystem_version",
    "Client_last_connected_to_fwxserver"
  ],
  "values": [
    ["MacBook-Pro-John", "macOS 15 Sequoia", "15.1.0", "2026-02-12T14:30:00Z"],
    ["iPad-Student-001", "iPadOS", "17.3", "2026-02-10T10:22:00Z"]
  ],
  "filter_results": 2,
  "total_results": 2,
  "version": 7
}

The CLI converts this to device objects automatically.

Current Features

✅ Multi-server profile support
✅ Inventory Query integration
✅ Natural language filtering (last_seen > 30 days)
✅ Device hierarchy analysis (original vs. clones)
✅ Bulk device updates (school deployment workflow)
✅ Fleet analytics: platform breakdown, stale device reports, field summaries
✅ Session tracking and server comparison
✅ JSON export for scripting
✅ 7-day device cache for performance

Documentation

README.md — Overview and quick start
CLI_REFERENCE.md — Complete command reference (includes fleet analytics, cache commands)
BULK_UPDATE.md — School district workflow
API_CAPABILITIES.md — API reference and analytics module
CREDENTIAL_ARCHITECTURE.md — Security design
SESSION_DATA_MANAGER.md — Session tracking internals
ONBOARDING.md — Setup wizard details

安全使用建议

What to check before installing/use: 1) Inspect lib/onboarding.py and lib/config_manager.py in the skill to verify what the onInstall hook does and where it writes files; installation may run an interactive onboarding script that creates ~/.filewave/config. 2) Do not paste production tokens during first-run testing — use a lab/test FileWave token with least privilege, or a read-only token if available. 3) Confirm the installer behavior (clayhub or your runtime) — will it actually run onboarding automatically? If you prefer manual control, install offline and run onboarding yourself. 4) Understand destructive commands: bulk-update, PATCH device metadata, and update-model are intentional features; review CSVs and use --confirm flags or dry-run testing before applying to production. 5) Verify where caches/logs are stored (device cache, session data) so sensitive device identifiers are not leaked or left on shared machines. 6) If you want to limit risk, restrict the skill’s ability to run autonomously or monitor agent actions when tokens are present. If anything about the install behavior or the onInstall hook is unclear, ask the author for clarity or run the skill in an isolated VM/lab environment first.

功能分析

Type: OpenClaw Skill Name: filewave Version: 1.0.0 The skill demonstrates robust security practices for credential management, storing API tokens in `~/.filewave/config` with `chmod 600` permissions and truncating tokens in output (`lib/config_manager.py`). Network activity is confined to the configured FileWave UEM server, utilizing specific and relevant API endpoints (`lib/api_utils.py`, `lib/device_cache.py`, `lib/device_hierarchy.py`). Markdown documentation is clear and does not contain prompt injection attempts. However, the `lib/bulk_update_handler.py` module directly passes user-provided `DeviceName` and `EnrollmentUser` strings from a CSV file to FileWave API `PATCH` endpoints. While the skill itself does not construct malicious payloads, this direct input could be exploited as an injection vector if the FileWave UEM platform's API or UI is vulnerable to XSS or other forms of injection via these fields, classifying it as a potential vulnerability rather than intentional malice.

能力评估

ℹ Purpose & Capability

The name/description match the included code and docs: the repo contains CLI docs and modules for inventory queries, device hierarchy, bulk updates, caching, and session management. The API endpoints used (GET query_result, PATCH devices, POST update_model) are consistent with the stated purpose.

⚠ Instruction Scope

Runtime instructions and docs expect writing/reading a credential config (~/.filewave/config) and optional env vars (FILEWAVE_SERVER, FILEWAVE_TOKEN). The skill includes destructive operations (PATCH device metadata, bulk-update, model refresh) which are legitimate for the stated purpose but require explicit user consent. Also the package documents an onboarding flow that runs automatically during installation (see docs/ONBOARDING.md and manifest.json), which means interactive credential input and creation of a persistent config file may happen without additional explicit steps beyond install — this is a scope/surprise risk. The SKILL.md and docs reference env vars/config paths even though the registry metadata lists no required env vars or config paths.

⚠ Install Mechanism

Registry shows 'No install spec — instruction-only', but the included manifest.json and ONBOARDING.md describe an onInstall hook (python3 lib/onboarding.py) that the installer (clayhub) would run. That mismatch is notable: there is no formal install entry recorded in the registry metadata while the codebase includes a post-install script that performs interactive onboarding. No external downloads or suspect remote URLs are present in the provided files.

⚠ Credentials

The skill legitimately needs a FileWave API token and server URL to operate. However, the registry metadata declares no required env vars or primary credential, while the documentation and code explicitly instruct use of FILEWAVE_SERVER/FILEWAVE_TOKEN and a persistent config file (~/.filewave/config). This inconsistency could lead to accidental omission of warnings about credential usage. Storing tokens in ~/.filewave/config (chmod 600) is expected, but you should confirm where other caches (device cache, session data) are written and whether any logs might include device data.

ℹ Persistence & Privilege

The skill creates a persistent per-user config file (~/.filewave/config) and implements a device cache (7-day TTL) and session registry in memory. always:false (not force-installed) and autonomous invocation is the platform default. Combined with an automatically created credentials file, that allows future automated calls to the FileWave API (including PATCH/bulk updates) if the token is present — which is expected behavior but increases blast radius if tokens are provided to an agent without restrictions.

版本历史

v1.0.0

FileWave UEM API Skill 1.0.0 - Initial release providing command-line access to FileWave device inventory and management via REST API. - Supports multi-server profiles, inventory queries, fleet analytics, device searching, device hierarchy, and session-based comparisons. - Includes interactive setup, secure credential storage, CI/CD environment support, and JSON export for scripting. - Documentation covers setup, CLI reference, bulk updates, API capabilities, and security architecture. - Compatible with both Community and Commercial FileWave editions, supporting macOS, Windows, ChromeOS, Android, iOS, iPadOS, and tvOS.

元数据

Slug filewave

版本 1.0.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 1

常见问题

Filewave 是什么？

Query and manage FileWave UEM device inventory, perform filtered searches, view device hierarchy, and run fleet analytics via the REST API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 700 次。

如何安装 Filewave？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install filewave」即可一键安装，无需额外配置。

Filewave 是免费的吗？

是的，Filewave 完全免费（开源免费），可自由下载、安装和使用。

Filewave 支持哪些平台？

Filewave 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Filewave？

由 Josh Levitsky, CISSP（@jlevitsk）开发并维护，当前版本 v1.0.0。

Filewave