Vnsh Skill
Author: raullenchai · GitHub · v1.1.1
Total downloads: 1052
Favorites: 0
Current installs: 0
Versions: 4
Install in OpenClaw
/install vnsh
Description
Securely share files using encrypted, expiring vnsh.dev links with the vnsh CLI for uploading and decrypting shared content.
Security recommendations
This skill implements the advertised upload/decrypt functions, but it instructs the agent to automatically read any vnsh.dev link and to automatically upload long outputs to vnsh.dev without asking the user — both behaviors risk exposing sensitive data. It also recommends installing a remote shell script via curl | sh, which executes arbitrary code from the network and is high risk. Before installing or enabling this skill: (1) insist the skill be modified to require explicit user confirmation before reading or uploading any user data; (2) remove or at least gate the automatic 'auto-read' and 'auto-share' rules; (3) avoid running curl | sh — prefer an auditable release (e.g., GitHub release tarball with a checksum/signature) or review the installer content in a sandbox; (4) confirm/declare all required binaries (xxd, mktemp, sed, head, etc.) in the manifest; and (5) if you must test, run it in an isolated environment and audit network traffic to verify no unexpected endpoints are contacted. If the maintainer can address these issues (explicit consent, no remote unchecked installers, accurate manifest), the skill would be much safer. If you cannot obtain those changes, treat it as risky and do not enable autonomous invocation.
Functional analysis
Type: OpenClaw Skill
Name: vnsh
Version: 1.1.1
The skill is classified as suspicious due to a severe prompt injection vulnerability in `SKILL.md`. The AI agent is explicitly instructed to automatically process any incoming `vnsh.dev/v/` URLs without user confirmation ('You MUST use this skill automatically... do NOT ask the user first', 'Never ask... just read it'). This allows an attacker to send a crafted `vnsh.dev` link containing malicious instructions, which the agent would then automatically download, decrypt via `scripts/read.sh`, and potentially execute or interpret, bypassing user consent. Additionally, the `install` command in `SKILL.md` uses `curl -sL vnsh.dev/i | sh`, which is a significant supply chain risk as it executes a remote script directly.
Capability assessment
Purpose & Capability
The name/description match the provided scripts: upload.sh encrypts and posts to vnsh.dev, read.sh downloads and decrypts using keys from the URL fragment. However there's an inconsistency between registry metadata (no required binaries) and SKILL.md which lists curl and openssl; the scripts also implicitly rely on other standard utilities (mktemp, sed, head, xxd, tr, grep) that SKILL.md doesn't fully declare. This discrepancy reduces confidence in the manifest's accuracy.
Instruction Scope
SKILL.md instructs the agent to automatically decrypt ANY vnsh.dev/v/ URL it sees ("do NOT ask the user first") and to automatically upload any long output (>4000 chars / >80 lines) to vnsh.dev without asking. Both behaviors enable automatic retrieval or transmission of potentially sensitive data to a third party and remove user consent. The scripts themselves only talk to vnsh.dev, but the auto-trigger policies grant the agent broad permission to fetch and upload data without confirmation.
Install Mechanism
SKILL.md recommends (and labels) an install command that pipes a remote script into sh: "curl -sL vnsh.dev/i | sh". Remote download-and-execute is a high-risk install pattern (unchecked code execution). The skill is instruction-only in the registry, yet it still recommends this installer — a mismatch and a notable risk. The included scripts are small and readable, but the suggested installer fetches code from the network with no verification.
Credentials
The skill requests no credentials or env vars, which superficially seems proportional. However, the mandated auto-share policy causes potential exfiltration of arbitrary agent outputs (which can include secrets or sensitive data) to vnsh.dev. The scripts do not require API keys, so they rely solely on posting data to the public service; that design is functional but creates disproportionate risk because it enables automatic outbound data transfer without consent.
Persistence & Privilege
The package does not set always:true, but SKILL.md explicitly tells the agent to auto-trigger on incoming messages and on long outputs. Given the platform default allowing autonomous model invocation, those instructions combine with normal autonomy to produce a high blast radius: the skill would autonomously download and decrypt inbound links and autonomously upload large outputs. That combination is dangerous if you expect explicit user consent before sharing or opening external content.
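How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install vnsh`
- After installation, invoke the Skill by its name or use `/vnsh` to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history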
v1.1.1
Add scripts for OpenClaw skill integration
v1.1.0
Add file type detection: downloads now have correct extensions (mp4, pdf, png, etc.)
v1.0.0
Align with CLI version
v0.1.0
Initial release
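FAQ
What is Vnsh Skill?
Securely share files using encrypted, expiring vnsh.dev links with the vnsh CLI for uploading and decrypting shared content. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1052 total downloads to date.
How do I install Vnsh Skill?
Run the command "/install vnsh" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Vnsh Skill free?
Yes, Vnsh Skill is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Vnsh Skill support?
Vnsh Skill is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Vnsh Skill?
It is developed and maintained by raullenchai (@raullenchai); the current version is v1.1.1.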