← 返回 Skills 市场
411
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install perkoon-transfer
功能描述
The agent data layer. Perkoon moves files between agents and the physical world — agent to human, agent to agent, agent to pipeline. P2P over WebRTC. Free. E...
安全使用建议
This skill appears coherent for P2P file transfers. Before installing: 1) Prefer a pinned package version (the README recommends pinned npx usage); ensure the platform installer uses a pinned, reviewed version rather than pulling 'latest' from npm. 2) Understand npx/npm-run will fetch and execute remote code—review the perkoon package contents and author on the registry if you need stronger assurance. 3) Be aware temporary logs (/tmp/perkoon-*.log) may include filenames or session metadata; clear or restrict access if that matters. 4) Only allow the agent to send files after explicit user confirmation (the instructions require this, but verify your agent enforces it). 5) Use the CLI's --password option for sensitive transfers and verify signaling behavior (perkoon.com links likely handle signaling; confirm whether any metadata is relayed to the server). If you need more assurance, ask the skill author for a reproducible, pinned release and a link to the package source (GitHub repo or release) to audit before installation.
功能分析
Type: OpenClaw Skill
Name: perkoon-transfer
Version: 2.0.1
The skill provides a P2P file transfer capability via WebRTC, which is an inherently high-risk behavior as it facilitates data exfiltration from the agent's environment. While SKILL.md includes safety guardrails (e.g., Rule 10) and advises against sending sensitive files without approval, it also provides instructions to bypass the service's own safety confirmation modals via localStorage and promotes autonomous agent-to-agent transfers without human oversight. The reliance on executing remote code via npx and the potential for abuse of the transfer protocol (perkoon.com) make this skill high-risk.
能力评估
Purpose & Capability
Name/description (P2P file transfer over WebRTC, agent-to-agent/human/pipeline) aligns with required binary (node) and the declared node package install (perkoon). No unrelated credentials, config paths, or unexpected binaries are requested.
Instruction Scope
SKILL.md instructs the agent to run CLI commands that create /tmp logs, start background processes, and share perkoon.com URLs—all within the stated file-transfer scope. It explicitly tells the agent to confirm file paths with the user and avoid sensitive directories, which is good. Note: the logs written to /tmp may contain JSON with filenames/session info, so those artifacts could expose metadata if not cleaned.
Install Mechanism
Install spec uses a Node/npm package (perkoon) which is appropriate for a Node-based CLI. This is a moderate-risk install type (npm packages execute code). The SKILL.md recommends using pinned npx invocations (e.g. [email protected] / @perkoon/[email protected]) to avoid dynamic fetching; the registry install metadata does not show a pinned version—this mismatch should be addressed (pin or review package before install). No downloads from arbitrary URLs or extract-from-unknown-host operations are present.
Credentials
No environment variables, secrets, or unrelated service credentials are requested. Node is the only required binary. This is proportionate to the described functionality.
Persistence & Privilege
The skill is not always-on and does not request system-wide config changes or credentials. Autonomous invocation is allowed (platform default) but not combined with other red flags here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install perkoon-transfer - 安装完成后,直接呼叫该 Skill 的名称或使用
/perkoon-transfer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
Pin [email protected] and @perkoon/[email protected] — no dynamic @latest fetches. Add user confirmation before sending. Block sensitive directories.
v2.0.0
Major update: Add MCP server as recommended integration method, A2A protocol endpoint with JSON-RPC 2.0, browser automation with Playwright scripts, --session/--sender-key flags for agent-to-agent transfers, discovery endpoints. All commands now use npx for version safety. Repositioned as The Agent Data Layer.
v1.0.2
- Updated `metadata` block to use YAML formatting and corrected the `install.kind` from `npm` to `node`.
- No changes to functionality or user-facing documentation.
v1.0.1
- Clarified that for sensitive files, the `--password` flag should always be used, as anyone with the share link can download without it.
- Added a note to the "P2P transfers are free, unlimited, and encrypted" paragraph emphasizing password protection for sensitive files.
v1.0.0
Initial release of perkoon-transfer.
- Enables autonomous, encrypted file transfers between agents or from agent to human via shareable browser link.
- No configuration required; supports unlimited P2P transfers with real-time progress and robust error reporting.
- Human recipients need only a browser—no installation needed.
- Provides structured CLI workflows for both sending and receiving, with JSON event output for automation.
- Password protection available for added security.
- Includes detailed usage instructions, flags, event streams, exit codes, and strict operational rules.
元数据
常见问题
Perkoon Transfer 是什么?
The agent data layer. Perkoon moves files between agents and the physical world — agent to human, agent to agent, agent to pipeline. P2P over WebRTC. Free. E... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 411 次。
如何安装 Perkoon Transfer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install perkoon-transfer」即可一键安装,无需额外配置。
Perkoon Transfer 是免费的吗?
是的,Perkoon Transfer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Perkoon Transfer 支持哪些平台?
Perkoon Transfer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Perkoon Transfer?
由 Perkoon(@alex-vy)开发并维护,当前版本 v2.0.1。
推荐 Skills