Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Share One-Time Link
v1.1.0
Generate public one-shot or time-limited download links for files using a local Express server exposed via Cloudflare Tunnel. Links are tokenized, expire aut...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
The requested binaries (node, cloudflared) and included code (Express server + helper script) match the described purpose of serving files locally and exposing them via a Cloudflare Tunnel. However, the registry metadata lists no required environment variables while SKILL.md and the code do require or recommend SHARE_PUBLIC_URL and SHARE_SECRET (and the user must provide a Cloudflare tunnel token when running cloudflared). This metadata omission is an inconsistency but does not imply malicious behavior.
Instruction Scope
SKILL.md instructs the agent/user to run npm install, run a Cloudflare Tunnel, start the local server, and copy files into a shared/ directory; the included scripts do exactly that. The server only serves files from the designated SHARED_DIR and uses tokenized links. A notable behavioral risk: if SHARE_SECRET is not set, /generate and /status are unprotected (the code explicitly warns and allows this), which would let anyone create links for any file placed into shared/. The instructions and code do not read or exfiltrate unrelated system files beyond whatever file the user asks to share.
Install Mechanism
There is no remote download/install step encoded in the registry; this is an instruction‑only skill that bundles Node scripts. The installation described uses 'npm install' to fetch express from the public npm registry — a standard, expected dependency. Nothing in the install flow fetches code from unusual/personal URLs or uses extract-from-arbitrary-URL behavior.
Credentials
The skill does not request credentials in the registry metadata, but SKILL.md and the code rely on several environment variables: SHARE_PUBLIC_URL (required in practice to produce usable public links), SHARE_SECRET (recommended to protect /generate and /status), SHARE_PORT, and SHARED_DIR. Additionally, using Cloudflare Tunnel requires a tunnel token during setup (not surfaced as a declared requirement). The mismatch between declared requirements and actual configuration needs could lead to accidental misconfiguration (notably exposing endpoints without a secret).
Persistence & Privilege
The skill does not request permanent platform presence (always:false), does not modify other skills or system-wide agent settings, and does not claim elevated privileges. It runs as a local server process — expected for this functionality.
Assessment
This skill appears to do what it says: run a local Node/Express server and expose files through a Cloudflare Tunnel as one-time links. Before installing or running it, consider:
1) Set a strong SHARE_SECRET (required to protect /generate and /status); if you leave SHARE_SECRET empty the endpoints are unprotected and anyone who can reach the tunnel can create links.
2) Provide a dedicated SHARED_DIR (don’t point it at your workspace root) so you don’t accidentally expose sensitive files.
3) Creating the public tunnel requires a Cloudflare tunnel token — follow your Cloudflare Zero Trust setup and keep the token safe; the skill’s registry metadata does not list this, so you must remember it.
4) 'npm install' will fetch express from npm — run this in a trusted, isolated environment and consider running 'npm audit' before exposing the server publicly.
5) Inspect server.js/start.sh yourself (they are included) and confirm that log output, public URL, and file paths are acceptable.
If you need the agent to share files automatically, ensure it’s only given permission to access intended files and that SHARE_SECRET and a locked-down SHARED_DIR are configured. If you’d like, I can produce a checklist of secure configuration steps or a version of the start script that enforces a secret and refuses to run without one.
scripts/share-file.js:25
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔗 Clawdis
Bins: node, cloudflared
