Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Temp Access Link

v1.0.0

Generate secure, time-limited access links for file sharing with automatic expiration.

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

Name/description claim: generate time-limited access links. SKILL.md and openapi.json consistently describe endpoints for generating links, uploading files, and serving files at api.mkkpro.com. This functionality is coherent with the stated purpose. However, the skill provides no server/auth configuration in openapi.json and declares no required credentials or API key despite referencing a paid service and an API gateway — this omission is unexpected and reduces trust.

Instruction Scope

SKILL.md instructions are scoped to the stated task: POST /generate-link, POST /upload-file (multipart), GET /access/{token}, GET /files/{filename}. The instructions do not tell the agent to read unrelated local files, environment variables, or system configuration. The main scope concern is that the instructions implicitly require uploading file contents to a third-party endpoint, which is consistent with the purpose but important to surface to users.

Install Mechanism

No install spec and no code files beyond documentation; this is low-risk from an install perspective because nothing is written to disk by the skill itself. The skill will rely on the agent making outbound HTTP requests at runtime.

Credentials

The skill declares no required environment variables or primary credential. Yet the SKILL.md references an external API (api.mkkpro.com), pricing plans, and a Kong route. For a paid/cloud API that can receive file uploads, it is typical to require an API key or other credentials; the absence of any declared auth is inconsistent and suspicious. Additionally, users must be aware that using the skill will send file contents and file URLs to a third-party service (possible data exfiltration risk) even though no credentials are requested.

Persistence & Privilege

Skill flags are default: always:false and model-invocation allowed. The skill does not request persistent system modifications or special privileges. No persistence-related concerns detected.

What to consider before installing

This skill routes file uploads and link generation through an external service (api.mkkpro.com / toolweb.in). Before installing or using it, consider: (1) The skill declares no API key or auth method — confirm whether the service requires account credentials and whether the author omitted them intentionally. (2) Any file you upload (especially sensitive documents) will be transmitted to a third-party host; verify the provider's identity, privacy policy, retention rules, and compliance posture. (3) Ask the skill author for proof of ownership, source code, or a trustworthy homepage; prefer a self-hosted or internally auditable alternative for highly sensitive data. If you must use it, test with non-sensitive files and use a dedicated account/contracted plan to limit blast radius.

Like a lobster shell, security has layers — review code before you run it.

latestvk971119g641x585gkt5hdmmdh183fc42
79 downloads
0 stars
1 version
Updated 3w ago
v1.0.0
MIT-0

Overview

The Temporary Access Link Generator is a security-focused API that enables the creation of time-limited, single-use or restricted-access links for secure file distribution. Built with security best practices, this tool allows organizations to share sensitive files without exposing permanent URLs or relying on third-party file-sharing services.

Key capabilities include generating expiring access tokens, uploading files with automatic link generation, and serving files through secured token-based access. This is ideal for security teams needing to distribute sensitive documentation, incident reports, or confidential materials to authorized recipients with guaranteed expiration windows.

The tool is particularly valuable for compliance scenarios, incident response workflows, and any situation where time-bound access to files is required. All access is tracked and automatically revoked after the specified expiration period.

Usage

Generate a temporary access link for an existing file:

{
  "file_url": "https://storage.example.com/documents/report.pdf",
  "expire_minutes": 30
}

Sample Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "access_url": "https://api.mkkpro.com/tools/temp-access-link/access/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2024-01-15T14:30:00Z",
  "status": "success"
}

Upload a file and receive an access link:

Request: Multipart form with binary file attachment

Sample Response:

{
  "filename": "sensitive_audit.pdf",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "access_url": "https://api.mkkpro.com/tools/temp-access-link/access/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "status": "uploaded"
}

Endpoints

POST /generate-link

Generates a temporary access token for an existing file URL with automatic expiration.

Parameters:

| Name | Type | Required | Description |
|------|------|----------|-------------|
| file_url | string | Yes | The full URL of the file to create access link for |
| expire_minutes | integer | Yes | Number of minutes until the link automatically expires |

Response: JSON object containing token, access_url, expires_at timestamp, and status

Status Codes:

  • 200 - Link generated successfully
  • 422 - Validation error (missing or invalid parameters)
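
A client-side consistency check for a /generate-link response, added here as an example; it is not part of the skill or its documentation. The host and path prefix come from the sample access_url above, the JWT shape of the token is an assumption drawn from the sample's `eyJ...` prefix, and the function name, messages and sample payload/signature are constructed.

```python
import base64
import json
from datetime import datetime, timedelta
from urllib.parse import urlparse

EXPECTED_HOST = "api.mkkpro.com"
ACCESS_PREFIX = "/tools/temp-access-link/access/"

def check_link_response(resp, requested_minutes, requested_at, skew_seconds=60):
    """Return the problems found in a /generate-link response ([] if consistent)."""
    problems = []
    token = str(resp.get("token", ""))
    url = urlparse(str(resp.get("access_url", "")))
    if url.scheme != "https" or url.hostname != EXPECTED_HOST:
        problems.append("access_url is not https on the expected host")
    if not token or url.path != ACCESS_PREFIX + token:
        problems.append("access_url does not embed the returned token")
    try:
        expires = datetime.fromisoformat(str(resp.get("expires_at")).replace("Z", "+00:00"))
        if expires.tzinfo is None:
            raise ValueError("expires_at has no timezone")
    except ValueError:
        problems.append("expires_at is missing or not a zoned ISO 8601 time")
    else:
        if expires > requested_at + timedelta(minutes=requested_minutes, seconds=skew_seconds):
            problems.append("link outlives the requested expiry")
    try:
        # Assumption: the token is a JWT, as the sample's "eyJ..." prefix suggests.
        segment = token.split(".")[0]
        header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
        alg = header["alg"]
    except (ValueError, KeyError, TypeError):
        problems.append("token header is not decodable as a JWT header")
    else:
        if alg != "HS256":
            problems.append("unexpected token alg: " + repr(alg))
    return problems

# Constructed sample: header as in the document's sample, payload/signature are dummies.
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.constructed-payload.constructed-signature"
SAMPLE = {
    "token": SAMPLE_TOKEN,
    "access_url": "https://" + EXPECTED_HOST + ACCESS_PREFIX + SAMPLE_TOKEN,
    "expires_at": "2024-01-15T14:30:00Z",
    "status": "success",
}
REQUESTED_AT = datetime.fromisoformat("2024-01-15T14:00:00+00:00")
if __name__ == "__main__":
    print(check_link_response(SAMPLE, 30, REQUESTED_AT) or "consistent")
```

The check only inspects what the client can see; it says nothing about whether the server actually enforces expiry or verifies the token signature.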

POST /upload-file

Uploads a file and automatically generates a temporary access link for it.

Parameters:

| Name | Type | Required | Description |
|------|------|----------|-------------|
| file | binary | Yes | The file to upload (multipart/form-data) |

Response: JSON object containing filename, token, access_url, and upload status

Status Codes:

  • 200 - File uploaded and link generated successfully
  • 422 - Validation error (missing file or invalid format)

GET /access/{token}

Retrieves file metadata and verifies token validity for access authorization.

Parameters:

| Name | Type | Required | Description |
|------|------|----------|-------------|
| token | string | Yes | The access token generated by /generate-link or /upload-file endpoint |

Response: JSON object containing file metadata, expiration status, and download information

Status Codes:

  • 200 - Token valid, access granted
  • 422 - Validation error (invalid token format)

GET /files/{filename}

Serves the file content for a valid token-based access request.

Parameters:

| Name | Type | Required | Description |
|------|------|----------|-------------|
| filename | string | Yes | The name of the file to retrieve (typically obtained from /access/{token} response) |

Response: File binary content with appropriate content-type header

Status Codes:

  • 200 - File served successfully
  • 422 - Validation error (invalid filename)

Pricing

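| Plan | Calls/Day | Calls/Month | Price |
|------|-----------|-------------|-------|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |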

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
