← 返回 Skills 市场

Kimi文件传输

Name: Kimi文件传输
Author: chongjie-ran

作者 chongjie-ran · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

509

总下载

当前安装

版本数

在 OpenClaw 中安装

/install kimi-file-transfer

功能描述

将本地最多5个文件发送到当前Kimi对话中供用户下载，支持任意类型文件。

使用说明 (SKILL.md)

Kimi文件传输 | kimi-file-transfer

将本地文件发送到Kimi对话中供用户下载。

作者

SC&Chongjie

功能

将本地文件发送到当前Kimi对话
支持任意文件类型
每次最多5个文件

触发词

"发送文件给我"
"传输文件"
"文件到Kimi"
"上传文件到对话"

使用方法

方式1: 直接对话中请求

用户: SC，把 memory/db-ai-agent-strategy.md 发给我
SC: (自动调用工具传输文件)

方式2: 指定多个文件

用户: 把 these files 发给我: file1.md, file2.pdf

技术实现

# 使用 kimi_upload_file 工具
kimi_upload_file(paths=["/path/to/file.md"])

适用场景

文档共享: 将本地Markdown/文档发送到对话
素材传输: 图片、PDF等文件快速传输
代码分享: 直接发送代码文件到对话

限制

每次最多5个文件
文件必须在本地可访问
支持任意文件类型

更新日志

v1.0.0 (2026-02-28)

初始版本发布
支持单文件/多文件传输

联系作者

如有问题或建议，欢迎反馈！

Skill by SC&Chongjie 🤖

安全使用建议

This skill appears to do what it says (upload local files to the Kimi conversation) but the runtime instructions allow the agent to read and upload any local path you specify — including possibly sensitive internal files (agent memory, credentials, logs). Before installing or using it, verify: (1) what the kimi_upload_file tool does and who can access the uploaded files on the server, (2) that the agent will prompt for explicit confirmation before uploading sensitive paths, and (3) you avoid naming or auto-sending files that contain secrets (API keys, ~/.ssh, agent memory or database files). If you need stricter safety, request that the skill author add explicit confirmation steps, a whitelist of allowed directories, or a preview of files to be uploaded.

功能分析

Type: OpenClaw Skill Name: kimi-file-transfer Version: 1.0.0 The 'kimi-file-transfer' skill is designed to send local files to the Kimi conversation for user download. While its stated purpose is benign, the `SKILL.md` instructions imply that the AI agent will use a `kimi_upload_file` tool with paths directly provided by the user. This creates a significant vulnerability where a malicious user could exploit prompt injection to request sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, configuration files) from the agent's host system, leading to unauthorized data exfiltration. The skill itself does not exhibit malicious intent, but it enables a high-risk capability that can be easily abused.

能力评估

✓ Purpose & Capability

Name and description match the SKILL.md: the skill's goal is to send up to 5 local files into the current Kimi conversation. Nothing in the metadata or SKILL.md requests unrelated services, binaries, or credentials.

⚠ Instruction Scope

The SKILL.md tells the agent to call kimi_upload_file(paths=[...]) to send arbitrary local files. That is in-scope for a file-transfer skill, but the instructions are terse and grant the agent authority to read and upload any local path the user names (examples include paths like memory/db-ai-agent-strategy.md). There are no explicit constraints, confirmation steps, or warnings about sensitive files, so the agent could easily be used to exfiltrate secrets or internal state without safeguards.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. This minimizes install risk because nothing is written to disk by the skill bundle itself.

ℹ Credentials

No environment variables, credentials, or config paths are requested. However, the skill implicitly depends on a tool (kimi_upload_file) and on the agent having filesystem access and upload capability. The SKILL.md does not document what permissions the kimi_upload_file tool requires or who can access uploaded files.

✓ Persistence & Privilege

always is false and there is no install behavior that would make the skill persistent or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install kimi-file-transfer
安装完成后，直接呼叫该 Skill 的名称或使用 /kimi-file-transfer 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

初始版本发布

元数据

Slug kimi-file-transfer

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题