← 返回 Skills 市场
313
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install nas-file-courier
功能描述
Search files on NAS (via rclone + Tailscale) and send to user via messaging API. Triggers on file search, find file, send file, 找文件, 发文件, NAS 查找, 下载文件.
安全使用建议
This skill generally does what it says (search NAS via rclone+Tailscale and send files), but the published metadata omits important runtime requirements and assumptions. Before installing or running it: 1) Confirm the runtime host has rclone, tailscale CLI, jq, python3, and a configured rclone remote (the skill depends on ~/.config/rclone/rclone.conf for NAS credentials). 2) Verify the rclone remote credentials are stored securely and that you trust the host running the agent (the skill will cause rclone to read those credentials). 3) Understand network exposure: the HTTP fallback starts a temporary rclone HTTP server bound to the Tailscale IP — any device on the same Tailscale mesh could access the link while it’s up. 4) Ask the author to update registry metadata to declare required binaries and config paths, fix the inconsistent temp-path references (/tmp/nas-courier vs /tmp/openclaw/nas-courier), and clarify whether python3 and jq are required. 5) Test with a small, non-sensitive file first to confirm MEDIA: delivery behavior and that cleanup/kill logic reliably terminates the temporary server. If you cannot verify these items or do not control the Tailscale mesh, treat the skill cautiously.
功能分析
Type: OpenClaw Skill
Name: nas-file-courier
Version: 1.0.0
The skill facilitates NAS file retrieval using rclone and Tailscale, but contains patterns that introduce security risks. Specifically, the instructions in SKILL.md and references/rclone-ops.md for searching files do not include input sanitization, potentially allowing for argument injection if the agent passes unsanitized user keywords to rclone. Furthermore, references/http-temp-link.md describes a fallback mechanism that starts a temporary HTTP server (rclone serve http), which, although restricted to the Tailscale network, increases the local attack surface. These issues represent significant vulnerabilities in the context of an AI agent executing shell commands.
能力评估
Purpose & Capability
The skill's stated purpose (NAS search + deliver via messaging) aligns with the runtime steps. However the package metadata declared no required binaries, env vars, or config paths, while SKILL.md clearly requires rclone, Tailscale (tailscale CLI and tailscale IP), jq, python3 (used for URL encoding), and (for initial setup) sudo. That mismatch is an incoherence: a consumer would legitimately need these binaries and access to rclone configuration to use this skill.
Instruction Scope
The SKILL.md instructions stay within the core purpose (search with rclone, copy to /tmp, deliver via platform MEDIA: lines, verify receipt, and mandatory cleanup). They also define safety rules (don't leak secrets, bind to Tailscale IP). Notable instruction-scope items: it starts a background HTTP server (rclone serve http) bound to the Tailscale IP and sleeps for 10 minutes, uses python3 to URL-encode names, and relies on deliver engine handling MEDIA: lines. The instructions reference rclone config (remotes with credentials) implicitly. There are minor internal inconsistencies (rclone-ops references /tmp/nas-courier/ while SKILL.md references /tmp/openclaw/nas-courier/; SKILL.md demands fuse3 dependency though operations are CLI-based).
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it writes nothing to disk during install. That is the lowest install risk. The runtime requires external tools to be present, but nothing is installed by the skill itself.
Credentials
The skill declares no required credentials or config paths, yet it depends on an existing rclone remote (which implies ~/.config/rclone/rclone.conf with NAS credentials) and on messaging channels that the platform's deliver engine will use (these require bot tokens maintained elsewhere). The skill will rely on rclone accessing stored NAS credentials; the registry metadata should have declared that dependency and any config path access. The lack of declared config access (and missing required binaries like tailscale, rclone, jq, python3) is disproportionate to the stated metadata.
Persistence & Privilege
always is false, no install spec, and SKILL.md explicitly forbids modifying rclone config or system-wide settings. The skill starts short-lived background processes at runtime (rclone serve http) but requires explicit cleanup steps. No suspicious persistent privileges are requested in the registry metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nas-file-courier - 安装完成后,直接呼叫该 Skill 的名称或使用
/nas-file-courier触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
nas-file-courier 1.0.0 – Initial Release
- Search files on a NAS via rclone over Tailscale based on user keywords, type, or time range.
- Deliver files to users through supported messaging APIs (Feishu, Telegram, QQ Bot) using validated native sending methods.
- Guides user through file selection, confirmation, and delivery verification to ensure correct receipt.
- Implements strict temp file management in `/tmp/openclaw/nas-courier/` with mandatory cleanup after every operation.
- Enforces security policies: read-only operations, no sudo, no exposure of credentials or private data, and sends only permitted file types.
元数据
常见问题
NAS File Courier Skill 是什么?
Search files on NAS (via rclone + Tailscale) and send to user via messaging API. Triggers on file search, find file, send file, 找文件, 发文件, NAS 查找, 下载文件. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 313 次。
如何安装 NAS File Courier Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nas-file-courier」即可一键安装,无需额外配置。
NAS File Courier Skill 是免费的吗?
是的,NAS File Courier Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
NAS File Courier Skill 支持哪些平台?
NAS File Courier Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 NAS File Courier Skill?
由 Randal(@tecfancy)开发并维护,当前版本 v1.0.0。
推荐 Skills