← 返回 Skills 市场
File Uploader
作者
jpengcheng523-netizen
· GitHub ↗
· v1.0.0
· MIT-0
118
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install uploader
功能描述
Upload a local file to Astron Claw Bridge and return a public download URL.
安全使用建议
This skill will read /root/.openclaw/openclaw.json to get a bridge host and bearer token, then upload whatever local file you point it at to that remote server. Before installing or running it: 1) Verify you trust the skill author (source/homepage unknown here). 2) Inspect your /root/.openclaw/openclaw.json to confirm the token and bridge are expected and that you want to allow uploads with that token. 3) Never upload sensitive files (credentials, private keys, secrets) with this tool. 4) Prefer a version of the skill that declares the config path/credential requirement in metadata or that accepts explicit host/token parameters rather than silently reading agent config. If you need to proceed, consider running it in an isolated environment or container and review the uploaded file and destination first.
功能分析
Type: OpenClaw Skill
Name: uploader
Version: 1.0.0
The skill provides a functional tool to upload local files to a remote server (Astron Claw Bridge), which is a direct mechanism for data exfiltration. The script `scripts/upload_media.py` accesses sensitive configuration data, including authentication tokens, from `/root/.openclaw/openclaw.json`. While the logic appears to align with the stated purpose of the skill, the inherent risk of an AI agent being directed to upload sensitive system files or credentials to a remote endpoint makes this a high-risk capability.
能力评估
Purpose & Capability
Name/description align with the code: the script uploads a local file to an Astron Claw Bridge endpoint and returns a download URL. However, the registry metadata declared no required config paths or credentials while the code and SKILL.md explicitly depend on /root/.openclaw/openclaw.json (discrepancy).
Instruction Scope
SKILL.md and the script instruct the agent to read /root/.openclaw/openclaw.json for host and token and then POST the local file to the bridge. Reading that specific agent config path (and using its token) expands scope beyond a simple uploader and is not declared in the skill metadata.
Install Mechanism
No install spec; this is an instruction-only skill with one Python script that requires the 'requests' package. Nothing is downloaded from external untrusted URLs during install.
Credentials
The skill uses an authentication token and host read from an agent config file but declares no required env vars or config paths. Accessing a token from /root/.openclaw/openclaw.json is sensitive and not reflected in the declared requirements — disproportionate and undeclared credential access.
Persistence & Privilege
always:false and no persistence are fine, but the script accesses the agent's config (plugins entries) and extracts a plugin token. The skill therefore reads credentials/config belonging to other agent components, which is a privileged operation and should have been declared and consented to.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uploader - 安装完成后,直接呼叫该 Skill 的名称或使用
/uploader触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish - Upload files to Astron Claw Bridge
元数据
常见问题
File Uploader 是什么?
Upload a local file to Astron Claw Bridge and return a public download URL. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。
如何安装 File Uploader?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uploader」即可一键安装,无需额外配置。
File Uploader 是免费的吗?
是的,File Uploader 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
File Uploader 支持哪些平台?
File Uploader 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 File Uploader?
由 jpengcheng523-netizen(@jpengcheng523-netizen)开发并维护,当前版本 v1.0.0。
推荐 Skills