Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent-to-Owner File Bridge

v3.0.2

Use this skill whenever an AI agent needs to share files, export results, upload outputs, or send data to its owner. Securely uploads files from the agent's...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the instructions: the skill is meant to upload files to a bridge server and return links. However, registry metadata claims 'no required env vars' while SKILL.md documents API_KEY and SERVER_URL as required in practice — that mismatch should be resolved. Requiring a server URL and API key is reasonable for this purpose, but the need to copy/run server.py from a remote repo (not included) is an additional capability not obvious from the registry metadata.
Instruction Scope
The SKILL.md instructs the agent to fetch/copy server.py from the referenced GitHub repo, generate and write an API key to .env in the agent workspace, run the server, and optionally open a public tunnel. Those actions let the agent fetch and execute remote code and expose a local service to the public — all sensitive operations. The document relies on explicit user confirmations for each step, but that is an instruction-level guard (not a platform-enforced guarantee).
Install Mechanism
There is no install spec or bundled server code; the agent is expected to pip install flask and pull server.py from the repo at runtime. That requires executing code fetched from a third party (GitHub) in the agent workspace. Running unvetted code and opening tunnels increases risk compared to an instruction-only skill that performs only local actions.
Credentials
Requesting API_KEY and SERVER_URL is proportional to a file-upload bridge. But the registry metadata lists no required env vars while SKILL.md documents them, creating an incongruity. The SKILL.md's recommendation to generate and store API keys in .env in the agent workspace is functional but has confidentiality implications (secrets stored on the agent side); rotating/deleting keys after the session is recommended.
Persistence & Privilege
The skill does not request always:true and uses the normal autonomous-invocation model. The bigger concern is that autonomous invocation plus the ability to fetch/execute a server and open public tunnels widens the blast radius if approvals are not strictly enforced by the user. The SKILL.md says every step requires explicit approval, but that is an instruction-level constraint, not an enforced platform guarantee.
What to consider before installing
This tool can be useful, but proceed cautiously. Prefer Manual Mode: host the bridge on infrastructure you control and only give the agent the Server URL and API key. If you consider Autonomous Mode: (1) review the linked GitHub repository and the exact server.py/index.php source before allowing the agent to fetch or run it, (2) do not approve running the server or opening a public tunnel unless you understand the exposure (public tunnels make the agent workspace reachable over the Internet), (3) avoid uploading sensitive secrets or credentials through the bridge, (4) require HTTPS and proper server-side checks on your hosted endpoint, and (5) if you must use an API key created by the agent, rotate and delete it after the session. The metadata mismatch about required env vars is also worth clarifying with the skill author before trusting the skill.


Tags: automation, bridge, file-upload, latest, utility


SKILL.md

Agent-to-Owner File Bridge

Upload files from an agent's workspace and generate a download/preview URL for the owner. The bridge server is open-source, self-hosted, and all sensitive steps require explicit user permission.

GitHub Repository: https://github.com/mrbeandev/OpenClaw-File-Links-Tool


🔒 Permissions & Security Boundaries

This skill has two modes. Both require the user to explicitly choose and approve before any action is taken:

| Action | Who approves | Scope |
| --- | --- | --- |
| Running server.py | User must say "yes, start it" | Agent's own workspace only |
| Opening a public tunnel | User must say "yes, expose it" | Temporary, agent-session-scoped |
| Generating & storing API key | User must say "yes, generate it" | .env in agent's workspace |
| Uploading a file | User must confirm file + destination | Named file, single upload |

The agent never initiates any of these actions silently. Every step is gated by an explicit user confirmation.


🛠 Setup

The bridge server is a single open-source PHP or Python file deployed by the user on their own infrastructure.

Option A — PHP (recommended for shared hosting)

  1. Place index.php on any PHP host.
  2. Set API_KEY in a .env file.
  3. Note the URL and key.

Option B — Python (VPS / local machine)

  1. pip install flask then python server.py.
  2. Set API_KEY in .env.
  3. Note the URL and key.

Once set up, give the agent your Server URL and API Key — no further setup needed.


🤖 Agent Workflow

When the user asks to upload or share a file:

  1. Check for Bridge: Is a Server URL and API Key already configured in this session? If yes, skip to step 4.

  2. Onboarding: Ask the user exactly one question:

    "I can help you share files. How would you like to handle the hosting?

    1. Manual Mode (recommended): You already have a server — give me the URL and API Key and I'll upload right away.
    2. Autonomous Mode: I'll set up a temporary local bridge in my workspace and open a public tunnel. This requires your permission at each step."
  3. Autonomous Mode (only if user explicitly chooses it):

    Step 3a — Get user confirmation before starting:

    "To run the bridge server I will: (1) copy server.py from the open-source repo, (2) generate an API key and save it to .env in my workspace, (3) start the server on port 5000. May I proceed?"

    • Only proceed if the user says yes.

    Step 3b — Get user confirmation before opening the tunnel:

    "To make the server reachable I will open a temporary public tunnel (via localtunnel or localhost.run). This creates a public URL pointing at my local port 5000. The link expires when my session ends. May I open the tunnel?"

    • Only proceed if the user says yes.
    • After tunnel is open, tell the user: "The tunnel URL is [URL]. This link is temporary and will stop working when this session ends."
  4. Upload:

    • POST the file to the server URL with X-API-Key header and file form-data field.
    • The JSON response contains url (direct download) and view_url (rich in-browser viewer).
    • Give the user view_url for text, code, images, and ZIPs — it renders content instantly in the browser.
    • Give url for binary files or when a raw download link is requested.

📋 API Reference

| Endpoint | Method | Action |
| --- | --- | --- |
| / | POST | Upload a file (file form-data field) |
| /?action=list | GET | List all uploaded files |
| /?action=view&file=... | GET | Rich viewer (ZIP: add &inner_file=path) |
| /?action=delete | POST | Delete files (JSON: {"files": ["name..."]}) |

Authentication: X-API-Key request header on all endpoints.
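Step 4 of the agent workflow and the API reference above describe the client side of the bridge: a multipart POST carrying the file in the `file` field, the `X-API-Key` header on every call, and a JSON reply with `url` and `view_url`. The following is an added example client written for this page; it is not code from the skill or from the OpenClaw-File-Links-Tool repository. It assumes the bridge address and key are supplied in the SERVER_URL and API_KEY environment variables (the names SKILL.md documents), that the bridge is reached over HTTPS (the scan's recommendation, enforced here rather than left to the operator), and that replies carry the two documented link fields. The function names (`build_upload_request`, `pick_link`, and so on) and the list of viewer-friendly extensions are the example's own.

```python
"""Added example client for the bridge API documented in SKILL.md.
Not code from the skill or its repository. Assumes SERVER_URL and API_KEY
hold the bridge address and key, HTTPS transport, and JSON replies with
"url" and "view_url" as the API reference describes."""
import json
import mimetypes
import os
import secrets
import urllib.parse
import urllib.request

# Constructed heuristic: extensions SKILL.md says render in the viewer
# (text, code, images, ZIPs). Anything else gets the raw download link.
VIEWABLE = {".txt", ".md", ".log", ".csv", ".json", ".py", ".js", ".php",
            ".sh", ".html", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".zip"}


def validate_server_url(url):
    """Accept only https:// URLs with a host and no embedded credentials,
    so the key never travels in clear text or inside a logged URL."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("bridge URL must be https:// with a hostname")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the bridge URL")
    return url


def _check_filename(name):
    """Reject names that could inject multipart headers or path components."""
    if not name or name in (".", "..") or any(c in name for c in '"\r\n/\\'):
        raise ValueError("unsafe filename: %r" % (name,))
    return name


def build_upload_request(server_url, api_key, filename, data):
    """POST / with the file in the "file" form-data field and X-API-Key set."""
    name = _check_filename(filename)
    boundary = secrets.token_hex(16)
    ctype = mimetypes.guess_type(name)[0] or "application/octet-stream"
    body = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{name}"\r\n'
        f"Content-Type: {ctype}\r\n\r\n"
    ).encode() + data + f"\r\n--{boundary}--\r\n".encode()
    req = urllib.request.Request(validate_server_url(server_url),
                                 data=body, method="POST")
    req.add_header("X-API-Key", api_key)
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    return req


def build_delete_request(server_url, api_key, names):
    """POST /?action=delete with the documented {"files": [...]} JSON body."""
    base = validate_server_url(server_url)
    url = base + ("&" if "?" in base else "?") + "action=delete"
    body = json.dumps({"files": [_check_filename(n) for n in names]}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("X-API-Key", api_key)
    req.add_header("Content-Type", "application/json")
    return req


def parse_upload_response(raw):
    """Validate the JSON reply: "url" is required and every link must be
    HTTPS, so a misconfigured bridge cannot hand the owner an http link."""
    reply = json.loads(raw)
    if not isinstance(reply, dict) or "url" not in reply:
        raise ValueError("reply lacks the documented 'url' field")
    links = {"url": reply["url"], "view_url": reply.get("view_url")}
    for link in links.values():
        if link is not None:
            validate_server_url(link)
    return links


def pick_link(links, filename):
    """Per SKILL.md: view_url for text/code/images/ZIPs, raw url otherwise."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in VIEWABLE and links.get("view_url"):
        return links["view_url"]
    return links["url"]


def upload(path, server_url=None, api_key=None):
    """Upload one local file and return the link to hand to the owner."""
    server_url = server_url or os.environ["SERVER_URL"]
    api_key = api_key or os.environ["API_KEY"]
    with open(path, "rb") as fh:
        data = fh.read()
    req = build_upload_request(server_url, api_key, os.path.basename(path), data)
    with urllib.request.urlopen(req, timeout=30) as resp:
        links = parse_upload_response(resp.read())
    return pick_link(links, path)


if __name__ == "__main__":
    import sys
    print(upload(sys.argv[1]))
```

Run it as `SERVER_URL=https://bridge.example.com/ API_KEY=... python bridge_client.py report.zip` (hostname constructed for illustration). Only `upload()` touches the network; the builder and parser functions are pure, which is what makes the transport rules testable. Rejecting `http://` and embedded credentials in `validate_server_url` keeps the key out of cleartext traffic and proxy logs, and refusing quotes, CR/LF and path separators in `_check_filename` stops a crafted name from injecting extra multipart headers or a directory component into the server-side path.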


📎 Bundled Reference

See api_instructions.txt for a concise API cheat-sheet with curl examples.

Files: 2 total
