← 返回 Skills 市场
wynnsu

Ngrok Preview

作者 Yong · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
631
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install ngrok-preview
功能描述
Generate short-lived, mobile-friendly ngrok preview links for local artifacts and share them in Telegram. Use when OpenClaw produces images/charts/generated...
安全使用建议
This skill appears to do what it says: create short-lived ngrok previews of files you explicitly provide. Before installing/using it: 1) Install ngrok from the official site and provide NGROK_AUTHTOKEN securely if you want authenticated tunnels. 2) Only pass specific artifact paths (not broad or system dirs) — the script will copy whatever paths you give into ~/.cache/openclaw-ngrok-preview, so do not include secrets (SSH keys, config dirs, root of workspace). 3) Run the provided cleanup/down commands after the preview is no longer needed to remove local copies. 4) Verify the preview URL before sharing (it exposes files over the internet). If you want automated Telegram posting, note the skill does not contain Telegram integration or request a Telegram token — sharing must be done by the agent/user via their existing channel.
功能分析
Type: OpenClaw Skill Name: ngrok-preview Version: 1.0.2 The 'ngrok-preview' skill is designed to expose local files and directories via ngrok, which is an inherently high-risk capability. While the SKILL.md explicitly instructs the AI agent to only publish 'task-specific outputs' and 'never broad directories', the underlying `scripts/ngrok_preview.py` script's `copy_sources` function will copy and serve any path provided to its `--source` argument. This creates a significant prompt injection vulnerability, allowing a malicious user to instruct the AI agent to expose sensitive local files (e.g., `~/.ssh`, `/etc/passwd`) or entire directories, leading to data exfiltration. The script uses `subprocess.Popen` to run a local HTTP server and the ngrok client, providing the mechanism for this exposure.
能力评估
Purpose & Capability
Name/description match the included script and SKILL.md: the script packages task artifacts, starts an ngrok tunnel, and exposes a temporary preview. The README mentions Telegram only as the delivery channel; the skill does not require Telegram credentials (it expects the agent or user to share the link) which is reasonable.
Instruction Scope
SKILL.md keeps scope narrow (collect task artifacts, create a session, publish link, clean up). The script follows that: it copies only the explicitly passed --source paths and serves them. However, the script will copy arbitrary filesystem paths you pass (absolute or relative), so a careless invocation could expose sensitive files. SKILL.md warns not to publish broad directories, but the mechanism does allow copying anything the agent/user specifies.
Install Mechanism
No install spec; instructions require a user-installed ngrok binary (official site) and optionally an auth token. Nothing is downloaded or executed from unknown remote URLs by the skill itself.
Credentials
No required environment variables are declared. The script optionally reads NGROK_AUTHTOKEN (or accepts --auth-token) which is appropriate for using ngrok. No other secrets or unrelated credentials are requested.
Persistence & Privilege
The skill writes session state and copied artifacts under ~/.cache/openclaw-ngrok-preview (per-session dirs stored until cleaned). always:false and no privileged flags are set. Users should be aware that copied artifacts persist until 'down' or 'cleanup' is run and that stale sessions can retain files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ngrok-preview
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ngrok-preview 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Revert SKILL.md description update; keep README-only messaging
v1.0.1
Update published description and positioning
v1.0.0
Initial release
元数据
Slug ngrok-preview
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Ngrok Preview 是什么?

Generate short-lived, mobile-friendly ngrok preview links for local artifacts and share them in Telegram. Use when OpenClaw produces images/charts/generated... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 631 次。

如何安装 Ngrok Preview?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ngrok-preview」即可一键安装,无需额外配置。

Ngrok Preview 是免费的吗?

是的,Ngrok Preview 完全免费(开源免费),可自由下载、安装和使用。

Ngrok Preview 支持哪些平台?

Ngrok Preview 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Ngrok Preview?

由 Yong(@wynnsu)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论