file-transfer-thru-local-workspace
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill matches its local file-transfer purpose, but its installer and authentication handling can leave a persistent web file service and gateway credentials less protected than advertised.
Install only if you are comfortable running a persistent local web file server. Before installing, inspect the scripts, ensure the service is bound and firewalled appropriately, configure a gateway token rather than relying on password-only auth, and rotate your OpenClaw gateway secret if you already ran this installer.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A gateway token or password may be stored in a local service file, increasing the chance that another local process or administrator-level user can recover and reuse it.
The installer reads the user's OpenClaw gateway token or password and writes it into a persistent systemd unit environment value.
GATEWAY_TOKEN=$(grep -o '"token": *"[^"]*"' "${CONFIG_FILE}" ...)
GATEWAY_PASSWORD=$(grep -o '"password": *"[^"]*"' "${CONFIG_FILE}" ...)
...
Environment=GATEWAY_AUTH_VALUE=${AUTH_VALUE}
Do not install without reviewing this behavior. Prefer an implementation that reads authentication at runtime from a properly permissioned config file, does not persist secrets in service unit files, and declares credential handling in metadata.
Password-only users may believe the web file interface is protected when at least the visible file-list endpoint may not require their password.
The visible file-list API enforces only a gateway token. If the user configured password authentication, the documented password path is not checked here, and an empty token disables this check.
return config.gateway?.auth?.token || '';
...
if (req.method === 'GET' && parsedUrl.pathname === '/api/files') {
const tokenParam = parsedUrl.searchParams.get('token');
if (GATEWAY_TOKEN && tokenParam !== GATEWAY_TOKEN) { ... }
Require authentication on every API endpoint using the same Token/Password rules advertised in SKILL.md, and fail closed when authentication configuration is ambiguous.
If the service is reachable on a network or authentication is missing/misconfigured, other web pages or devices could interact with the file-management API more easily.
The web API allows any browser origin and includes DELETE among allowed methods for a service that manages local workspace files.
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
Bind to localhost by default, restrict CORS origins, require authentication for every action, and avoid exposing DELETE/file-management operations broadly.
The upload service will keep running after installation until explicitly stopped or uninstalled.
The installer creates an auto-restarting background service, or starts a nohup background process when systemd is unavailable.
Restart=always
...
systemctl enable openclaw-upload.service
systemctl start openclaw-upload.service
...
nohup env UPLOAD_PORT=15170 WORKSPACE="${WORKSPACE}" GATEWAY_AUTH_VALUE="${AUTH_VALUE}" node upload-server.js > upload-server.log 2>&1 &
Install only if you want a persistent local web server. Confirm how to stop it, and disable the service when you are not using file transfer.
This external command execution is expected for packaging skills, but it expands the runtime surface and depends on a local zip binary.
The server invokes the system zip command to create downloadable skill packages.
const { exec, spawn } = require('child_process');
...
const zip = spawn('zip', ['-r', zipPath, skillName, '-x', '*/node_modules/*'], { cwd: SKILLS_DIR, ... });
Keep the endpoint authenticated, validate skill names strictly, and declare the zip binary requirement consistently.
A user relying only on registry metadata may not realize that running the included installer changes local service state and uses system commands.
The registry install contract says there is no install spec, while the package still contains install.sh and package.json install scripts that perform service setup.
No install spec — this is an instruction-only skill.
Review install.sh before running it, and ensure registry metadata accurately declares install behavior, required binaries, network listening, filesystem access, and credential handling.
