← 返回 Skills 市场
921
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install local-file-manager
功能描述
Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi...
使用说明 (SKILL.md)
Local File Manager Skill
This skill provides safe file I/O operations within the session's cwd. It is designed for roles that need to store outputs locally (no cloud sync).
Capabilities
- Read file: Get contents of a text file
- Write file: Create or overwrite a file
- Append file: Add content to existing file
- List files: Directory listing with filtering
- Delete file: Remove a file (with safety checks)
- Copy/Move: Simple file operations
When to Use
Role needs to:
- Save generated code/analysis to disk
- Read input documents (PDFs, text, etc.)
- Append logs or results
- Create output files in Markdown/JSON/CSV
Usage
# Read a file
file-manager --action read --path output.md
# Write content (from stdin or --content)
file-manager --action write --path result.json --content '{"status":"done"}'
# Append to file
file-manager --action append --path log.txt --content "Job completed at $(date)"
# List files in directory
file-manager --action list --dir . --pattern "*.md"
# Create directory
file-manager --action mkdir --dir reports
# Delete file (with confirmation)
file-manager --action delete --path old_file.txt
Safety
- Sandboxed to cwd: Cannot access files outside session's working directory
- Protected files: Cannot delete files starting with
.or in../ - Size limit: Max file size 10MB (configurable)
- Dry-run support:
--dry-runshows what would happen
Integration with Roles
In role config, enable this skill:
plugins:
allow:
- local-file-manager
- doc-parser
Then in the role's system prompt, guide usage:
When you finish analysis, write the result to a file:
file-manager --action write --path summary.md --content "$YOUR_MARKDOWN"
Examples
Researcher saving analysis:
file-manager --action write --path analysis_$(date +%Y%m%d).md \
--content "# Analysis\
\
## Summary\
..."
Developer saving code:
file-manager --action write --path src/main.py --content "$CODE"
Automation appending log:
file-manager --action append --path /var/log/automation.log \
--content "[$(date)] Task completed\
"
Error Handling
- If file doesn't exist for read: returns error code 1
- If path is outside cwd: denied
- If write fails (permission): returns error
- All errors logged to
~/.openclaw/logs/file-manager.log
Configuration
Environment variables:
FILE_MANAGER_MAX_SIZE: Max file size in bytes (default 10485760)FILE_MANAGER_LOG: Path to operation log (default~/.openclaw/logs/file-manager.log)FILE_MANAGER_DRY_RUN: Set to "1" to only simulate operations
安全使用建议
This skill appears to implement local file operations but has packaging and safety issues you should resolve before trusting it with important data. Key concerns: (1) index.ts hard-codes a developer path (/Users/nico/...) — the skill may fail or behave unexpectedly on your system; ask the author to use a relative path or bundle the script location. (2) index.ts concatenates arguments into a shell command without escaping — this can lead to command injection if untrusted content is passed; request that the author use spawn/execFile with an args array or properly escape/validate inputs. (3) skill.json lists Python entry points that don't exist — metadata should match the actual files. (4) Examples in SKILL.md showing absolute paths are misleading given the script's sandboxing; request clearer documentation. If you decide to install: do not run with sensitive files or elevated privileges until these issues are fixed, run in an isolated environment, and ask the maintainer to patch argument handling and packaging inconsistencies.
功能分析
Type: OpenClaw Skill
Name: local-file-manager
Version: 1.0.0
The skill contains a critical command injection vulnerability in index.ts, where arguments (including file content and paths) are joined into a shell string and executed via execAsync without sanitization. This allows for arbitrary code execution on the host system. Additionally, index.ts contains a hardcoded absolute path (/Users/nico/...) for the shell script, which is highly irregular for a portable skill bundle. While these represent severe security flaws (RCE), they appear to be unintentional vulnerabilities rather than intentional malware, as no exfiltration logic or backdoors were identified.
能力评估
Purpose & Capability
The declared purpose (read/write/list files in the session cwd) is consistent with the code and SKILL.md. However the packaged metadata is inconsistent: skill.json names Python entry points and requirements, while the repo contains a TypeScript entry (index.ts) and a bash script. The index.ts references a hard-coded absolute script path (/Users/nico/...), which is a developer-specific path and unlikely to exist in a user's environment. These mismatches suggest sloppy packaging or leftover dev state.
Instruction Scope
The SKILL.md and the shell script implement a sandbox-to-cwd model and list reasonable options. But the README/examples mention absolute paths (e.g., /var/log/automation.log) that contradict the stated 'sandboxed to cwd' behavior (the script strips leading slashes). More importantly, the TypeScript entry builds a shell command by concatenating unescaped arguments into a single exec string, which lets specially crafted content or path values alter the shell invocation (command injection risk). The runtime also logs to ~/.openclaw/logs/file-manager.log, which is outside the session cwd but documented — this is plausible but should be noticed by users.
Install Mechanism
No install spec or remote downloads are present (instruction-only / local code bundled). That lowers supply-chain risk. No external URLs or archive extraction steps are used.
Credentials
The skill declares no required environment variables in registry metadata, while SKILL.md documents optional env vars (FILE_MANAGER_MAX_SIZE, FILE_MANAGER_LOG, FILE_MANAGER_DRY_RUN) — this is reasonable. skill.json restricts file permissions to the workspace (~/.openclaw/workspace/**), which aligns with the stated intent. There is no request for unrelated credentials. However, the hard-coded scriptPath in index.ts and the log file written under the user's home indicate the code assumes access to specific user paths; that reduces portability and may surprise users.
Persistence & Privilege
The skill does not request permanent/always-on privileges, does not modify other skills, and is user-invocable only. Its logged operations are local to the user account (writes to ~/.openclaw/logs by default).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install local-file-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/local-file-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Local skill registration
元数据
常见问题
Local File Manager 是什么?
Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 921 次。
如何安装 Local File Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install local-file-manager」即可一键安装,无需额外配置。
Local File Manager 是免费的吗?
是的,Local File Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Local File Manager 支持哪些平台?
Local File Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Local File Manager?
由 liyico(@liyico)开发并维护,当前版本 v1.0.0。
推荐 Skills