
Local File Manager 1.0.0

Author: 000Sonic · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 81 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw:
/install local-file-manager-1-0-0
Description
Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi...
Usage instructions (SKILL.md)

Local File Manager Skill

This skill provides safe file I/O operations within the session's cwd. It is designed for roles that need to store outputs locally (no cloud sync).

Capabilities

  • Read file: Get contents of a text file
  • Write file: Create or overwrite a file
  • Append file: Add content to existing file
  • List files: Directory listing with filtering
  • Delete file: Remove a file (with safety checks)
  • Copy/Move: Simple file operations

When to Use

Role needs to:

  • Save generated code/analysis to disk
  • Read input documents (PDFs, text, etc.)
  • Append logs or results
  • Create output files in Markdown/JSON/CSV

Usage

# Read a file
file-manager --action read --path output.md

# Write content (from stdin or --content)
file-manager --action write --path result.json --content '{"status":"done"}'

# Append to file
file-manager --action append --path log.txt --content "Job completed at $(date)"

# List files in directory
file-manager --action list --dir . --pattern "*.md"

# Create directory
file-manager --action mkdir --dir reports

# Delete file (with confirmation)
file-manager --action delete --path old_file.txt

Safety

  • Sandboxed to cwd: Cannot access files outside session's working directory
  • Protected files: Cannot delete files starting with . or in ../
  • Size limit: Max file size 10MB (configurable)
  • Dry-run support: --dry-run shows what would happen

Integration with Roles

In role config, enable this skill:

plugins:
  allow:
    - local-file-manager
    - doc-parser

Then in the role's system prompt, guide usage:

When you finish analysis, write the result to a file:
  file-manager --action write --path summary.md --content "$YOUR_MARKDOWN"

Examples

Researcher saving analysis:

file-manager --action write --path analysis_$(date +%Y%m%d).md \
  --content "# Analysis\n\n## Summary\n..."

Developer saving code:

file-manager --action write --path src/main.py --content "$CODE"

Automation appending log:

file-manager --action append --path /var/log/automation.log \
  --content "[$(date)] Task completed\n"

Error Handling

  • If file doesn't exist for read: returns error code 1
  • If path is outside cwd: denied
  • If write fails (permission): returns error
  • All errors logged to ~/.openclaw/logs/file-manager.log

Configuration

Environment variables:

  • FILE_MANAGER_MAX_SIZE: Max file size in bytes (default 10485760)
  • FILE_MANAGER_LOG: Path to operation log (default ~/.openclaw/logs/file-manager.log)
  • FILE_MANAGER_DRY_RUN: Set to "1" to only simulate operations
Security usage recommendations
Do not install or enable this skill until the maintainers fix the inconsistencies and the shell-injection risk. Specific items to ask or require:

  1. Fix index.ts to execute the bundled script via a relative path (no hard-coded /Users/nico path) and/or use an argv array API (spawn with args) instead of building a single shell command string so user content cannot inject shell commands.
  2. Make skill.json accurate (remove nonexistent Python requirements or include the promised Python files), and align permissions with actual paths used (logs, workspace).
  3. Implement and document enforcement of FILE_MANAGER_MAX_SIZE in the runtime.
  4. Decide and document whether logs are written to home and declare that in permissions; allow configuring log path.
  5. Remove misleading examples that suggest writing to absolute system paths unless explicitly allowed.

If you must use it before fixes, run the skill in a tightly confined sandbox with no access to sensitive files and monitor what files it writes; treat it as untrusted code.
Functional analysis
Type: OpenClaw Skill
Name: local-file-manager-1-0-0
Version: 1.0.0

The skill contains a critical command injection vulnerability in index.ts. The code uses child_process.exec to execute a shell script, joining user-controlled inputs (path, content, pattern) into a shell command string without sanitization, allowing an attacker or a malicious prompt to execute arbitrary commands on the host. Additionally, index.ts contains a hardcoded absolute path (/Users/nico/...) which indicates poor development practices or a non-portable environment configuration.
Capability assessment
Purpose & Capability
The stated purpose (file read/write within session cwd) mostly matches the code's operations, but the package metadata is inconsistent: skill.json declares Python entrypoints and dependencies and points 'main' at non-existent Python scripts, while the package actually includes a TypeScript entry and a bash script. _meta.json ownerId differs from the registry owner. These mismatches make it unclear which files are authoritative and why Python is required.
Instruction Scope
SKILL.md promises sandboxing to the session cwd, a 10MB size limit, and use of certain env vars. The runtime pieces conflict: the bash script logs to ~/.openclaw/logs (outside cwd), there is no enforcement of FILE_MANAGER_MAX_SIZE in the shell script, and the README examples include absolute paths (e.g., /var/log/automation.log) that contradict the 'sandboxed to cwd' claim. The TypeScript launcher builds a shell command by joining raw args without quoting/escaping, allowing user-supplied content to inject arbitrary shell commands.
Install Mechanism
There is no install spec (instruction-only style), which is lower risk. However, index.ts executes an absolute script path hard-coded to /Users/nico/.openclaw/... instead of the included relative path scripts/file_manager.sh. That absolute path is unusual and brittle — on some hosts it may inadvertently execute a different script at that location or fail to run the bundled script.
Credentials
The skill declares no required environment variables yet SKILL.md documents FILE_MANAGER_MAX_SIZE, FILE_MANAGER_LOG and FILE_MANAGER_DRY_RUN and the script reads FILE_MANAGER_LOG; those env vars are not declared. skill.json restricts file permissions to ~/.openclaw/workspace/** but the script writes logs to $HOME/.openclaw/logs by default, a path outside the stated permissions. This mismatch means the skill will access locations not reflected in its declared permissions.
Persistence & Privilege
The skill is not force-enabled (always:false) and can be user-invoked or invoked autonomously (default). It writes to a persistent log file under the user's home (~/.openclaw/logs/file-manager.log) which gives it a footprint outside the session cwd. That behavior is not inherently malicious but is inconsistent with 'no cloud sync' / 'sandboxed to cwd' messaging and should be considered by users.
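How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install local-file-manager-1-0-0
  3. After installation, invoke the skill directly by name or trigger it with /local-file-manager-1-0-0
  4. Provide the required input according to the skill's parameter description to get structured output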
Version history
v1.0.0
Initial release of local-file-manager skill.
  • Provides safe file I/O (read, write, append, list, delete, copy/move) within the session's working directory.
  • Supports text, JSON, CSV, and Markdown formats.
  • Enforces safety: sandboxed to cwd, protected files, and size limits.
  • Includes dry-run mode for simulated operations.
  • Logs all errors and supports environment-based configuration.
  • Designed for roles needing local file persistence and manipulation.
Metadata
Slug: local-file-manager-1-0-0
Version: 1.0.0
License: MIT-0
Total installs: 1
Current installs: 1
Historical versions: 1
FAQ

What is Local File Manager 1.0.0?

Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 81 total downloads so far.

How do I install Local File Manager 1.0.0?

Run the command "/install local-file-manager-1-0-0" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Local File Manager 1.0.0 free?

Yes, Local File Manager 1.0.0 is completely free under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Local File Manager 1.0.0 support?

Local File Manager 1.0.0 runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Local File Manager 1.0.0?

Developed and maintained by 000Sonic (@000sonic); the current version is v1.0.0.