← 返回 Skills 市场

Wenshushu File Uploader

Name: Wenshushu File Uploader
Author: gcdd1993

作者阿晨聊技术 · GitHub ↗ · v0.1.1 · MIT-0

cross-platform ⚠ suspicious

260

总下载

当前安装

版本数

在 OpenClaw 中安装

/install wenshushu-uploader

功能描述

文叔叔文件上传技能，自动上传文件到文叔叔并生成分享链接和取件码

安全使用建议

This skill appears to do what it claims: upload files to wenshushu using the wssf CLI. Before installing or invoking it, consider: (1) do not provide sensitive system paths (e.g., ~/.ssh, /etc/*, credential files) — the skill will happily upload arbitrary files; (2) if you enable 'login' flows, a token is stored at ~/.config/wenshushu/token.txt — treat that token like a secret; (3) install.sh runs a remote installer (astral.sh) and will run pip install wssf — review these steps or run them manually in a sandbox if you have concerns; (4) if you need finer control, run upload.py manually in a constrained environment and inspect outputs before letting the agent invoke it autonomously.

功能分析

Type: OpenClaw Skill Name: wenshushu-uploader Version: 0.1.1 The skill exhibits high-risk behaviors and a potential path traversal vulnerability. It includes an installation script (`install.sh`) that executes a remote script via `curl | sh` and a Python script (`scripts/upload.py`) that performs runtime package installation using `uv`. Furthermore, the `upload_file` function in `scripts/upload.py` resolves file paths without validating that they reside within the intended workspace, potentially allowing an agent to exfiltrate sensitive system files if prompted. While these capabilities are aligned with the stated purpose of uploading files to Wenshushu, the lack of path sanitization and the automated execution of remote installation logic meet the criteria for a suspicious classification.

能力评估

✓ Purpose & Capability

Name/description, included scripts, and SKILL.md all describe a file uploader for wenshushu. Declared dependencies (wssf, uv) and included install.sh / upload.py are consistent with that purpose; nothing requested appears unrelated to uploading files to wenshushu.

ℹ Instruction Scope

Runtime instructions tell the agent to check file existence, call the wssf CLI, and optionally save upload records. This is coherent, but the skill will accept arbitrary filesystem paths and upload them to an external service — which is expected for an uploader but enables accidental or malicious exfiltration if the agent is given sensitive paths (e.g., SSH keys, tokens). The SKILL.md also instructs users how to extract an X-TOKEN from browser devtools and store it locally for logged uploads; that flow is optional but sensitive.

✓ Install Mechanism

No opaque downloads from unknown hosts in the package files. The automation uses a known uv installer (curl https://astral.sh/uv/install.sh) and pip install wssf==5.0.6 (PyPI). These are typical for Python tooling; running a remote installer (curl | sh) is moderately risky operationally but expected for installing uv.

ℹ Credentials

The skill does not declare unrelated environment variables or credentials. It may read/write a local token at ~/.config/wenshushu/token.txt and write upload records to ~/.openclaw/memory/wenshushu-uploads.jsonl — reasonable for its function. However, because it accepts arbitrary file paths, it can be used to transmit any local file to the remote service; treat that as a sensitive capability (not a hidden one).

✓ Persistence & Privilege

always is false and the skill does not request elevated platform privilege. It persists its own configuration/token and upload logs under user-scoped config paths (~/.config and ~/.openclaw) which is proportionate to functionality and does not appear to modify other skills or system-wide settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install wenshushu-uploader
安装完成后，直接呼叫该 Skill 的名称或使用 /wenshushu-uploader 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.1

- Initial release of wenshushu-uploader as version 0.1.1. - Added full documentation and usage instructions (README.md, SKILL.md). - Introduced install script for environment setup (install.sh). - Implemented main upload logic in scripts/upload.py. - Added metadata description (_meta.json). - Minor update: renamed the skill internally to "wenshushu-file-uploader".

v0.1.0

- Initial release of wenshushu-uploader skill. - Enables automatic upload of files to wenshushu.cn, generating public download links and 4-digit pickup codes. - Supports both single and batch (multi-file) uploads. - Allows anonymous or logged-in uploads with optional proxy configuration. - Records upload history locally and provides management links for uploaded files. - Includes built-in wssf tool installation and configuration for first-time use.

元数据

Slug wenshushu-uploader

版本 0.1.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 2

常见问题

Wenshushu File Uploader 是什么？

文叔叔文件上传技能，自动上传文件到文叔叔并生成分享链接和取件码. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 260 次。

如何安装 Wenshushu File Uploader？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wenshushu-uploader」即可一键安装，无需额外配置。

Wenshushu File Uploader 是免费的吗？

是的，Wenshushu File Uploader 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Wenshushu File Uploader 支持哪些平台？

Wenshushu File Uploader 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Wenshushu File Uploader？

由阿晨聊技术（@gcdd1993）开发并维护，当前版本 v0.1.1。