awaaate

Kleo Static files

Author: awaaate · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1858
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install kleo-static-files
Description
Host static files on subdomains with optional authentication. Use when you need to serve HTML, images, CSS, JS, or any static content on a dedicated subdomain. Supports file upload, basic auth, quota management, and automatic SSL via Caddy. Commands include sf sites (create/list/delete), sf upload (files/directories), sf files (list/delete).
Usage instructions (SKILL.md)

Static Files Hosting

Host static content on *.{domain} subdomains with automatic SSL.

Quick Reference

# Create site
sf sites create mysite
# → https://mysite.498as.com

# Upload file
sf upload ./index.html mysite

# Upload directory  
sf upload ./dist mysite

# Add authentication
sf sites auth mysite admin:secretpass123

# List files
sf files mysite

# Delete file
sf files mysite delete path/to/file.txt

# Delete site
sf sites delete mysite

Environment Setup

export SF_API_URL=http://localhost:3000   # API endpoint
export SF_API_KEY=sk_xxxxx                # Your API key

Workflows

Deploy a Static Website

# 1. Create the site
sf sites create docs

# 2. Upload the build directory
sf upload ./build docs

# 3. Verify
curl -I https://docs.498as.com

Protected File Sharing

# 1. Create site with auth
sf sites create private
sf sites auth private user:strongpassword

# 2. Upload sensitive files
sf upload ./reports private

# 3. Share URL + credentials
# https://private.498as.com (user / strongpassword)

Update Existing Files

# Overwrite existing file
sf upload ./new-version.pdf mysite --overwrite

# Or delete and re-upload
sf files mysite delete old-file.pdf
sf upload ./new-file.pdf mysite

CLI Commands

sites

Command                             Description
sf sites list                       List all sites
sf sites create <name>              Create new site
sf sites delete <name>              Delete site and all files
sf sites auth <name> <user:pass>    Set basic auth
sf sites auth <name> --remove       Remove auth

upload

sf upload <path> <site> [subdir] [--overwrite] [--json]
  • path: File or directory to upload
  • site: Target site name
  • subdir: Optional subdirectory
  • --overwrite: Replace existing files
  • --json: Output JSON

files

Command                             Description
sf files <site>                     List all files
sf files <site> delete <path>       Delete specific file

stats

sf stats              # Global stats
sf stats <site>       # Site-specific stats

API Endpoints

Base: $SF_API_URL with Authorization: Bearer $SF_API_KEY

Method  Path                        Description
GET     /sites                      List sites
POST    /sites                      Create site
DELETE  /sites/{name}               Delete site
PATCH   /sites/{name}               Update auth
GET     /sites/{name}/files         List files
POST    /sites/{name}/files         Upload file
DELETE  /sites/{name}/files/{path}  Delete file
GET     /stats                      Global stats
GET     /stats/{name}               Site stats
GET     /health                     Health check

Constraints

  • Site names: lowercase, alphanumeric, hyphens only (max 63 chars)
  • File size: 50MB default (configurable)
  • Quota: 100MB per site default
  • Rate limit: 100 requests/minute per API key

Troubleshooting

"Cannot connect to API"

# Check service status
systemctl status kleo-static-files

# Check if port is listening
curl http://localhost:3000/health

"Invalid API key"

# Verify key is set
echo $SF_API_KEY

# Create new key if needed
bun run /opt/kleo-static-files/scripts/create-key.ts "new-key"

"Quota exceeded"

# Check current usage
sf stats mysite

# Delete unused files
sf files mysite delete large-file.zip

Site not accessible via HTTPS

# Verify DNS points to server
dig mysite.498as.com

# Check Caddy config
cat /etc/caddy/sites.d/static-files.caddy

# Resync Caddy
bun run /opt/kleo-static-files/scripts/sync-caddy.ts --reload

Installation

Server Installation (run once on host)

curl -fsSL https://raw.githubusercontent.com/498AS/kleo-static-files/main/install.sh | sudo bash

The installer outputs JSON with connection details between KLEO_SF_CONFIG_BEGIN and KLEO_SF_CONFIG_END markers. Parse this to get api_url and api_key.

After Installation

export SF_API_URL=http://localhost:3000
export SF_API_KEY=sk_xxxxx  # from installer output
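
One way to consume that installer output, as an added example (not code from the kleo-static-files project): the functions pull api_url and api_key from a captured install log and write them to an owner-only env file instead of echoing the key. The function names, the log and env file arguments, and the flat JSON layout between the markers are assumptions.

```sh
#!/bin/sh
# Added example. Assumes the markers sit on their own lines and the JSON
# between them is a flat object of string values (assumption, not documented).

# Constructed installer output, for demonstration only.
sf_sample_log() {
    cat <<'EOF'
Installing...
KLEO_SF_CONFIG_BEGIN
{
  "api_url": "http://localhost:3000",
  "api_key": "sk_constructed_example"
}
KLEO_SF_CONFIG_END
Done.
EOF
}

# Print the text between the BEGIN and END markers of log file $1.
sf_config_block() {
    awk '/KLEO_SF_CONFIG_END/   { inside = 0 }
         inside                 { print }
         /KLEO_SF_CONFIG_BEGIN/ { inside = 1 }' "$1"
}

# Print the string value of key $2 from that block.
sf_config_value() {
    sf_config_block "$1" |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1
}

# Write both values to env file $2 (mode 600) without echoing the key.
# Values with characters that are unsafe to source are rejected.
sf_write_env() {
    url=$(sf_config_value "$1" api_url)
    key=$(sf_config_value "$1" api_key)
    [ -n "$url" ] && [ -n "$key" ] || { echo "config not found in $1" >&2; return 1; }
    case $url$key in
        *[!A-Za-z0-9_./:-]*) echo "unsafe characters in config" >&2; return 1 ;;
    esac
    ( umask 077; printf 'export SF_API_URL=%s\nexport SF_API_KEY=%s\n' "$url" "$key" > "$2" ) &&
        chmod 600 "$2"
}
```

Capture the installer's output to a file first, then call sf_write_env on that file and source the resulting env file in the shell that runs sf.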

Check Status

sudo /opt/kleo-static-files/install.sh --status

See references/install.md for manual installation.

Security recommendations
This skill appears to be what it claims (a self-hosted static-file server), but there are concerns you should address before installing:
  • The registry metadata does not list environment variables that the SKILL.md and helper script require (SF_API_URL, SF_API_KEY, SF_DOMAIN). Treat that omission as a red flag and insist the author fix the metadata or provide explicit install notes.
  • The installation instructions run remote scripts with sudo (curl ... | sudo bash) and pull installers from bun.sh and raw.githubusercontent.com. Do NOT run those blindly as root. Inspect the installer scripts first (download and open them locally) or follow the manual install steps in references/install.md inside an isolated VM or container.
  • Installing will create systemd services, modify Caddy configuration (/etc/caddy) and write under /opt and /var. Backups and a review of the systemd unit and Caddy snippets are recommended.
  • The service issues/returns an API key; treat that key as sensitive. Create a scoped API key, store it securely, and rotate/revoke it if you stop using the service.
  • If you only need to use the CLI against an existing service, avoid running the installer: just set SF_API_URL and SF_API_KEY in your environment and use the CLI/helper script after reviewing it.
If you want to proceed safely: review the installer script contents, prefer manual installation steps, run in a disposable VM/container first, and verify any API keys produced before using them in production.
Functional analysis
Type: OpenClaw Skill
Name: kleo-static-files
Version: 1.0.0
The skill is classified as suspicious due to several high-risk capabilities, even though they are presented as part of the intended functionality. The `SKILL.md` and `references/install.md` files instruct the AI agent to execute a remote script with `sudo` (`curl -fsSL https://raw.githubusercontent.com/498AS/kleo-static-files/main/install.sh | sudo bash`) for server installation. This grants root privileges and executes arbitrary code from an external source, posing a significant supply chain risk. Additionally, the installation process creates a systemd service for persistence, and the `sf-helper.sh` script performs powerful operations like site deletion and file uploads, which could be misused if the agent or the remote source is compromised.
Capability assessment
Purpose & Capability
The name/description (serve static files on subdomains with auth) matches the CLI surface, helper script, and install docs. However the registry metadata declares no required environment variables or credentials while the SKILL.md and scripts clearly require SF_API_URL, SF_API_KEY and optionally SF_DOMAIN and paths under /opt and /etc — this metadata omission is inconsistent and should be clarified.
Instruction Scope
Runtime instructions and helper script stay within the stated purpose: creating sites, uploading files, setting auth, and managing the Caddy and systemd services. Troubleshooting steps reference systemctl, /etc/caddy, and local API health checks, which are expected for a server component. There is no instruction to read or exfiltrate unrelated host secrets in the provided docs/scripts.
Install Mechanism
Installation relies on running remote installers (curl https://raw.githubusercontent.com/... | sudo bash) and other third-party installers (bun.sh, Caddy repo scripts). Executing remote scripts as root and piping them to sudo bash is high-risk; users should inspect the installer contents before executing and prefer manual install steps or running inside an isolated VM/container.
Credentials
The skill requires an API key (SF_API_KEY), API URL (SF_API_URL), domain settings (SF_DOMAIN), and writes/reads service files under /opt, /etc and /var — all reasonable for a hosting service, but the registry declared none. The mismatch between declared requirements and actual instructions reduces transparency and could lead to accidental exposure of the API key or misconfiguration if users don't notice the env requirements.
Persistence & Privilege
The installer and docs instruct creating a systemd service, installing files under /opt, and modifying Caddy configuration — this creates a persistent, system-level component (expected for a self-hosted server). The skill itself is not force-enabled (always:false), but installing it requires root privileges and changes to system-wide services, so take standard precautions.
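
Two of the findings above (environment variables missing from the declared metadata, and a download piped straight into a shell) can be checked mechanically before installing a skill. The following is an added example, not the marketplace's scanner; the function names and the space-separated "declared" list standing in for the registry metadata are assumptions.

```sh
#!/bin/sh
# Added example; the "declared" list stands in for the registry metadata,
# whose real format is not shown on the page (assumption).

# Excerpt of commands quoted on this page; the SF_DOMAIN line is constructed.
sample_skill_doc() {
    cat <<'EOF'
export SF_API_URL=http://localhost:3000
export SF_API_KEY=sk_xxxxx
echo $SF_API_KEY
echo "https://mysite.$SF_DOMAIN"
curl -I https://docs.498as.com
curl -fsSL https://raw.githubusercontent.com/498AS/kleo-static-files/main/install.sh | sudo bash
EOF
}

# List variables the document $1 sets (`export NAME=`) or reads (`$NAME`).
doc_env_vars() {
    grep -oE '(export[[:space:]]+|\$)[A-Z][A-Z0-9_]+' "$1" |
        sed -E 's/^(export[[:space:]]+|\$)//' | sort -u
}

# Print variables used in $1 that are absent from the space-separated list $2.
undeclared_env_vars() {
    for v in $(doc_env_vars "$1"); do
        case " $2 " in
            *" $v "*) ;;
            *) echo "$v" ;;
        esac
    done
}

# Print numbered lines of $1 that pipe a download straight into a shell.
pipe_to_shell_lines() {
    grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|da|z)?sh([[:space:]]|$)' "$1"
}
```

With an empty declared list, as the page reports for this skill, undeclared_env_vars prints every variable the document uses.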
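How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the dialog: /install kleo-static-files
  3. Once installed, call the Skill by name or trigger it with /kleo-static-files
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history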
v1.0.0
Host static files on subdomains with automatic SSL. Create sites, upload files, add basic auth. CLI + API included.
Metadata
Slug kleo-static-files
Version 1.0.0
License
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Kleo Static files?

Host static files on subdomains with optional authentication. Use when you need to serve HTML, images, CSS, JS, or any static content on a dedicated subdomain. Supports file upload, basic auth, quota management, and automatic SSL via Caddy. Commands include sf sites (create/list/delete), sf upload (files/directories), sf files (list/delete). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1858 total downloads to date.

How do I install Kleo Static files?

Run the command "/install kleo-static-files" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Kleo Static files free?

Yes, Kleo Static files is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Kleo Static files support?

Kleo Static files is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Kleo Static files?

Developed and maintained by awaaate (@awaaate); the current version is v1.0.0.
