file-transfer-thru-local-workspace
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real local file-transfer skill, but it installs a persistent web server and has authentication and credential-handling gaps that could expose local files if not carefully configured.
Review this skill before installing. If you use it, configure a strong gateway token, avoid password-only/no-auth mode, firewall port 15170 to trusted hosts, inspect and protect the generated systemd service file, and stop or uninstall the service when you no longer need browser-based file transfer.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the service is reachable on a network and no token is loaded, other users may be able to list, download, upload, delete files, or access skill packages without the expected password protection.
The server loads only gateway.auth.token and only enforces auth when that token is non-empty. Password-only or token-missing configurations can therefore leave APIs unprotected despite the skill advertising Token/Password smart authentication.
return config.gateway?.auth?.token || ''; ... if (GATEWAY_TOKEN && tokenParam !== GATEWAY_TOKEN) { ... }Use a gateway token before running this skill, restrict the port with firewall rules, and update the service to enforce authentication for token and password modes or refuse to start without auth.
Your OpenClaw auth secret may be copied into a service file or process environment instead of remaining only in the main OpenClaw config.
The installer reads the user's OpenClaw token or password and writes it into a systemd service environment value, creating another persistent location where the credential may be exposed.
GATEWAY_PASSWORD=$(grep -o '"password": *"[^"]*"' "${CONFIG_FILE}" ...)
...
Environment=GATEWAY_AUTH_VALUE=${AUTH_VALUE}Do not embed gateway credentials in service files; read them securely at runtime, protect file permissions, and rotate the token/password if you already installed this version.
A local web server may keep accepting file-management requests until you explicitly stop or uninstall it.
The install script creates an auto-restarting service or a background nohup process, so the file-transfer server continues running after installation.
Restart=always ... systemctl enable openclaw-upload.service systemctl start openclaw-upload.service ... nohup env UPLOAD_PORT=15170 ... node upload-server.js
Install only if you want a persistent service, confirm who can reach port 15170, and stop or disable the service when it is not needed.
If a request can supply a crafted skill name, the server may package or write files outside the intended skills/uploads directories.
The skill packaging helper uses the supplied skillName in filesystem paths and a zip command without visible basename, allow-list, or realpath validation.
const skillPath = path.join(SKILLS_DIR, skillName);
const zipPath = path.join(UPLOADS_DIR, `${skillName}-skill.zip`);
const zip = spawn('zip', ['-r', zipPath, skillName, '-x', '*/node_modules/*'], { cwd: SKILLS_DIR, ... });Validate skill names against the enumerated installed-skill list, reject path separators and '..', and confirm resolved paths stay under the intended directories before zipping.