Localsend
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent with its LocalSend file-transfer purpose, but users should verify the external CLI install source and be careful about which local files and nearby devices they choose.
This appears to be a purpose-aligned LocalSend helper. Before installing, verify the localsend-cli source, avoid running unreviewed downloads from a moving branch if possible, and only send or receive files with nearby devices you recognize and trust.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You would be trusting the current upstream localsend-cli script to run on your machine.
The skill relies on installing an executable script from an unpinned GitHub master branch, so the installed code is outside the provided artifact set and can change over time.
curl -fsSL https://raw.githubusercontent.com/Chordlini/localsend-cli/master/localsend-cli -o ~/.local/bin/localsend-cli chmod +x ~/.local/bin/localsend-cli
Install from a trusted release or pinned commit when possible, and review the downloaded CLI before making it executable.
If you select the wrong file or device, local files could be sent to an unintended nearby recipient.
The skill is designed to send user-selected local files through a CLI, with a confirmation step before transfer; this is expected for the purpose but still gives the agent file-transfer authority during the flow.
User provides file path or sends a file via chat ... Confirm with buttons: ... ✅ Send
Confirm the target device, file name, and file size before pressing Send.
Transfers should be limited to trusted local networks and recognizable devices.
The referenced LocalSend receive flow uses local peer communication with self-signed certificates and skipped certificate verification, so trust depends on the local network/device selection rather than standard certificate validation.
Run HTTPS server on port 53317 ... Each device uses a self-signed TLS certificate; clients skip verification.
Use this only on networks you trust, and verify device names/IP addresses before sending or receiving files.