File Uploader
v1.0.0
Upload a local file to Astron Claw Bridge and return a public download URL.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code: the script uploads a local file to an Astron Claw Bridge endpoint and returns a download URL. However, the registry metadata declared no required config paths or credentials while the code and SKILL.md explicitly depend on /root/.openclaw/openclaw.json (discrepancy).
Instruction Scope
SKILL.md and the script instruct the agent to read /root/.openclaw/openclaw.json for host and token and then POST the local file to the bridge. Reading that specific agent config path (and using its token) expands scope beyond a simple uploader and is not declared in the skill metadata.
Install Mechanism
No install spec; this is an instruction-only skill with one Python script that requires the 'requests' package. Nothing is downloaded from external untrusted URLs during install.
Credentials
The skill uses an authentication token and host read from an agent config file but declares no required env vars or config paths. Accessing a token from /root/.openclaw/openclaw.json is sensitive and not reflected in the declared requirements — disproportionate and undeclared credential access.
Persistence & Privilege
always:false and no persistence are fine, but the script accesses the agent's config (plugins entries) and extracts a plugin token. The skill therefore reads credentials/config belonging to other agent components, which is a privileged operation and should have been declared and consented to.
What to consider before installing
This skill will read /root/.openclaw/openclaw.json to get a bridge host and bearer token, then upload whatever local file you point it at to that remote server. Before installing or running it:
1) Verify you trust the skill author (source/homepage unknown here).
2) Inspect your /root/.openclaw/openclaw.json to confirm the token and bridge are expected and that you want to allow uploads with that token.
3) Never upload sensitive files (credentials, private keys, secrets) with this tool.
4) Prefer a version of the skill that declares the config path/credential requirement in metadata or that accepts explicit host/token parameters rather than silently reading agent config.
If you need to proceed, consider running it in an isolated environment or container and review the uploaded file and destination first.
Like a lobster shell, security has layers — review code before you run it.
latest
uploader
Upload a local file to Astron Claw Bridge Server and return a publicly accessible download URL. Supports images, audio, video, documents and other file types.
When to Use
✅ USE this skill when:
- When the user wants to obtain the file.
- When the user needs a download URL for a local file (image, audio, video, document, etc.).
- When the user wants to generate an external link for embedding in markdown or web pages.
When NOT to Use
❌ DON'T use this skill when:
- When the user only wants to read or view a local file without uploading.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| file | string | Yes | Absolute or relative path to the local file to upload |
| --session-id | string | No | Optional session ID for the upload |
Commands
Basic Call
python3 scripts/upload_media.py '/path/to/file.png'
With Session ID
python3 scripts/upload_media.py '/path/to/file.png' --session-id 'my-session'
Examples
"Help me upload this image and get a link."
python3 scripts/upload_media.py './screenshot.png'
"Upload this PDF document."
python3 scripts/upload_media.py './report.pdf'
Response
The script writes the upload result to stdout:
fileName: screenshot.png
mimeType: image/png
fileSize: 102400
sessionId: abc123
downloadUrl: http://.../<path>/<filename>
Notes
- Host and token are auto-read from /root/.openclaw/openclaw.json, no need to pass at runtime
- Requires requests package: pip install requests
