← 返回 Skills 市场
stormixus

OCFT - OpenClaw File Transfer

作者 stormixus · GitHub ↗ · v1.1.2
cross-platform ⚠ suspicious
2547
总下载
1
收藏
3
当前安装
5
版本数
在 OpenClaw 中安装
/install ocft
功能描述
P2P file transfer between AI agents via message channels. Supports chunked transfer, IPFS fallback for large files, and trusted peer management.
安全使用建议
This skill is a coherent P2P file-transfer design, but exercise caution before installing or running it: - Audit the npm package first: the SKILL.md tells you to run `npm install -g ocft`, which will download and run third-party code. Inspect the package and its GitHub repo (commits, maintainers, recent activity) before installing. - Prefer installing/running the CLI in an isolated environment (container, VM) rather than installing globally on a production machine. - Be aware the tool creates and stores secrets and trusted-peer data at ~/.ocft/config.json and exposes commands like `show-secret` and `export` — treat those secrets like any API key and avoid sharing them with untrusted peers. - Understand the risk of file exfiltration: the skill is designed to send arbitrary files over chat channels. Only add trusted peers and verify URIs before importing peers. - If you plan to use IPFS fallback, verify provider credentials and limit keys scope; don't reuse high-privilege keys. If you want a safer install path, request the maintainer provide a pinned install spec (e.g., exact npm package version and checksum) or bundle audited code rather than only an instruction to install from npm.
功能分析
Type: OpenClaw Skill Name: ocft Version: 1.1.2 This skill is classified as suspicious due to its inherent handling of sensitive information (node secrets, IPFS API keys) and its extensive file system and network access, which, while plausible for its stated purpose of P2P file transfer, introduces significant risk. Specifically, commands like `ocft show-secret` and `ocft set-ipfs-key` (documented in SKILL.md) directly manage credentials, and the skill stores configuration including secrets in `~/.ocft/config.json` (mentioned in README.md). The reliance on an external `npm` package (`npm install -g ocft`) also presents a supply chain risk.
能力评估
Purpose & Capability
The stated purpose (P2P file transfer between agents) aligns with the CLI/API shown in SKILL.md (init, add-peer, sendFile, IPFS fallback). However the metadata declares no required config paths or credentials while the README/SKILL.md explicitly references a local config file (~/.ocft/config.json) that stores node secrets and trusted peers. That mismatch (declared nothing vs. instructions that create/store secrets) is an inconsistency worth flagging.
Instruction Scope
The SKILL.md instructs running the `ocft` CLI (e.g., `ocft init`, `ocft show-secret`, `ocft export`, `ocft sendFile`, referencing paths like /path/to/file.txt and ~/.ocft/config.json). Those operations necessarily read/write local files and secrets and can be used to send arbitrary files over message channels — which is the intended feature but also enables file exfiltration if misused. The instructions also include 'show-secret' and 'export', operations that surface secrets; the skill does not limit or warn about when/how those should be used.
Install Mechanism
No install spec is provided in the registry metadata, but the SKILL.md tells users to run `npm install -g ocft`. That delegates installation to a third-party npm package at runtime. Installing an external npm package globally downloads and executes code from the network and should be audited first; the instruction-only nature of the skill (no bundled code) plus a global npm install increases risk because the skill's operation depends on external code not audited here.
Credentials
The registry declares no required environment variables, which is consistent with the CLI-first design. The SKILL.md does provide commands to set IPFS provider keys and a Kubo URL (via `set-ipfs-key`, `set-kubo-url`) — these are relevant to the IPFS fallback feature but are not declared as required env or config in the metadata. The skill will store secrets in a local config file; that storage behavior is reasonable for a transfer tool but should be considered by users before adding secrets.
Persistence & Privilege
The skill is not set to always:true and does not request system-wide privileges in the metadata. It's instruction-only and does not request persistent platform-level enforcement. It will (per README) create a local config at ~/.ocft/config.json, which is expected for this functionality and is scoped to the user's home directory.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ocft
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ocft 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.2
- Added support for IPFS fallback, allowing large files to be transferred using IPFS when they exceed a configurable threshold. - Expanded CLI commands for trusted peer management and IPFS configuration. - New commands include peer trust expiration (`set-ttl`, `extend-peer`), secret verification, and IPFS provider setup. - Updated SKILL.md with detailed usage instructions and feature list. - Added .clawhub/origin.json to the project.
v1.0.3
- Added a concise YAML metadata header with name, description, and homepage to SKILL.md. - No functional or feature changes; documentation only.
v1.0.2
- Added support for configurable maximum file size via the new ocft set-max-size command. - Updated documentation to highlight the new max file size feature and CLI command. - Clarified that the default 100MB file size limit can now be changed by the user.
v1.0.1
- Added links to the project's GitHub and npm pages in the documentation. - No code changes; documentation update only.
v1.0.0
Initial release of OCFT - OpenClaw File Transfer Protocol - Enables peer-to-peer file transfer between AI agents over text-based chat channels (e.g., Telegram, Discord, Slack). - CLI tools to manage nodes, secrets, and trusted peers. - Chunked file transfer with 48KB pieces and SHA-256 integrity verification. - Supports explicit or automatic file transfer acceptance, whitelisting peers with expiring secrets. - Allows transfer resumption and secure peer management. - File transfer messages use a standardized, easily shareable format for channel-based communication.
元数据
Slug ocft
版本 1.1.2
许可证
累计安装 3
当前安装数 3
历史版本数 5
常见问题

OCFT - OpenClaw File Transfer 是什么?

P2P file transfer between AI agents via message channels. Supports chunked transfer, IPFS fallback for large files, and trusted peer management. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2547 次。

如何安装 OCFT - OpenClaw File Transfer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ocft」即可一键安装,无需额外配置。

OCFT - OpenClaw File Transfer 是免费的吗?

是的,OCFT - OpenClaw File Transfer 完全免费(开源免费),可自由下载、安装和使用。

OCFT - OpenClaw File Transfer 支持哪些平台?

OCFT - OpenClaw File Transfer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OCFT - OpenClaw File Transfer?

由 stormixus(@stormixus)开发并维护,当前版本 v1.1.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论