Node Transfer
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to perform real node-to-node file transfer, but it grants broad remote file read/write and deployment capability and serves file contents over token-authenticated plain HTTP.
Install only if you need node-to-node file transfer and trust the code and publisher. Before each use, confirm the exact source/destination nodes and paths, run it only on trusted or encrypted networks, review generated PowerShell before deployment, and remove the persistent helper scripts when no longer needed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong node or path, the agent could copy sensitive files or write large files to unintended locations.
The skill instructs the agent to run remote commands on source and destination nodes using caller-provided node IDs and file paths, enabling broad file reads and writes without artifact-defined scoping controls.
Evidence: async function transferFile(sourceNode, destNode, sourcePath, destPath) ... command: ['node', `${INSTALL_DIR}/send.js`, sourcePath] ... command: ['node', `${INSTALL_DIR}/receive.js`, senderInfo.url, senderInfo.token, destPath]
Recommendation: Only allow transfers after confirming the exact source node, destination node, source path, and destination path; consider adding allowlists, maximum sizes, and explicit user approval.

A malicious or malformed install path could alter the generated PowerShell and run unintended commands on the target node.
The deployment script embeds a user/environment-provided target directory directly into generated PowerShell that is intended to be executed on a node; the artifact does not show robust quoting or escaping for PowerShell metacharacters.
Evidence: const targetDir = args[1] || process.env.TRANSFER_TARGET_DIR || 'C:/openclaw/skills/node-transfer/scripts'; ... New-Item -ItemType Directory -Force -Path "${scriptsDir.replace(/\//g, '\\')}"
Recommendation: Review generated deployment scripts before running them, avoid custom target directories from untrusted text, and update the skill to safely quote/escape PowerShell arguments.

Anyone able to observe traffic on the network could see the file contents or token during a transfer.
The sender listens on all interfaces and serves files over plain HTTP with a token parameter; this authenticates access but does not encrypt the token or transferred file contents.
Evidence: const reqToken = reqUrl.searchParams.get('token'); ... server.listen(args.port, '0.0.0.0', () => { ... const url = `http://${ip}:${port}/transfer`; })
Recommendation: Use this only on trusted networks or behind VPN/TLS protections, and avoid transferring sensitive files unless transport encryption is added.

The helper scripts remain available for later use by agents with node command access.
The skill intentionally leaves helper scripts installed on nodes for future transfers; this is disclosed and aligned with the performance goal, but it is persistent node-side code.
Evidence: Install Once, Run Many - Scripts persist on nodes after first deployment
Recommendation: Track which nodes have the scripts installed and remove them when no longer needed.

Installing the skill may let the agent use existing node privileges to move files between machines.
The workflow depends on the agent already having command-execution authority on both OpenClaw nodes.
Evidence: await nodes.invoke({ node: 'E3V3', command: ['node', `${INSTALL_DIR}/send.js`, 'C:/data/file.zip'] }); ... await nodes.invoke({ node: 'E3V3-Docker', command: ['node', `${INSTALL_DIR}/receive.js`, url, token, '/incoming/file.zip'] });
Recommendation: Use least-privilege node permissions and limit this skill to agents/users trusted to access both endpoints.

Users have less registry-level context for verifying origin and required runtime setup.
The registry metadata gives limited provenance and does not declare the Node.js/PowerShell-style deployment workflow that the artifacts document.
Evidence: Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required binaries: none
Recommendation: Review the bundled source before use, verify the publisher, and ensure Node.js and the required node execution environment are intentionally available.
