Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent-to-Owner File Bridge

v3.0.2

Use this skill whenever an AI agent needs to share files, export results, upload outputs, or send data to its owner. Securely uploads files from the agent's...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the instructions: the skill uploads files to a bridge server and returns links. However, the registry metadata claims 'no required env vars' while SKILL.md documents API_KEY and SERVER_URL as required in practice; that mismatch should be resolved. Requiring a server URL and API key is reasonable for this purpose, but the need to copy and run server.py from a remote repository (not bundled with the skill) is an additional capability that is not obvious from the registry metadata.
Instruction Scope
The SKILL.md instructs the agent to fetch or copy server.py from the referenced GitHub repository, generate an API key and write it to .env in the agent workspace, run the server, and optionally open a public tunnel. Together those actions let the agent fetch and execute remote code and expose a local service to the public, all of which are sensitive operations. The document relies on an explicit user confirmation before each step, but that is an instruction-level guard, not a platform-enforced guarantee.
Install Mechanism
There is no install spec and no bundled server code; the agent is expected to pip install flask and pull server.py from the repository at runtime. That means executing code fetched from a third party (GitHub) in the agent workspace. Running unvetted code and opening tunnels carries more risk than an instruction-only skill that performs only local actions.
Credentials
Requesting API_KEY and SERVER_URL is proportional to a file-upload bridge. But the registry metadata lists no required env vars while SKILL.md documents them, which is a mismatch. The SKILL.md's recommendation to generate API keys and store them in .env in the agent workspace works, but it has confidentiality implications (the secret lives on the agent side, readable by anything else running in that workspace); rotating or deleting keys after the session is recommended.
Persistence & Privilege
The skill does not request always:true and uses the normal autonomous-invocation model. The larger concern is that autonomous invocation combined with the ability to fetch and execute a server and open public tunnels widens the blast radius if the user does not strictly enforce approvals. The SKILL.md says every step requires explicit approval, but that is an instruction-level constraint, not an enforced platform guarantee.
What to consider before installing
This tool can be useful, but proceed cautiously. Prefer Manual Mode: host the bridge on infrastructure you control and give the agent only the Server URL and API key. If you consider Autonomous Mode:
(1) review the linked GitHub repository and the exact server.py/index.php source before allowing the agent to fetch or run it;
(2) do not approve running the server or opening a public tunnel unless you understand the exposure (a public tunnel makes the agent workspace reachable over the Internet);
(3) avoid uploading sensitive secrets or credentials through the bridge;
(4) require HTTPS and proper server-side checks on your hosted endpoint (authenticate every request with a constant-time key comparison, cap upload size, and sanitize filenames so an upload cannot escape the upload directory);
(5) if you must use an API key created by the agent, rotate and delete it after the session.
The metadata mismatch about required env vars is also worth clarifying with the skill author before trusting the skill.
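The server-side checks in item (4) and the key-handling advice in item (5), as an added standard-library example. This is not the skill's server.py and not code from ClawHub; it is an illustration of what a self-hosted bridge endpoint should enforce. It assumes the key is presented as a Bearer token in the Authorization header, a 25 MB cap, and a local upload directory; all three are assumptions, and TLS termination is left to the reverse proxy in front of the endpoint.

```python
"""Illustrative server-side checks for a self-hosted file-upload bridge.
Added example (stdlib only); not the skill's own server.py."""
import hmac
import os
import re
import secrets
import stat
import tempfile
import unicodedata
from typing import Dict, Optional, Tuple

MAX_UPLOAD_BYTES = 25 * 1024 * 1024  # assumed cap; tune for your deployment
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def generate_api_key() -> str:
    """256 bits from the OS CSPRNG, URL-safe so it fits headers and .env."""
    return secrets.token_urlsafe(32)


def write_env_key(env_path: str, key: str) -> None:
    """Write API_KEY=... owner-read/write only, never world-readable."""
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"API_KEY={key}\n")
    os.chmod(env_path, stat.S_IRUSR | stat.S_IWUSR)  # enforce even under a loose umask


def key_matches(presented: Optional[str], expected: str) -> bool:
    """Constant-time compare: timing must not reveal how many bytes matched."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


def safe_filename(name: str) -> Optional[str]:
    """Keep only the basename, replace unsafe chars, refuse dot-only/hidden names."""
    name = unicodedata.normalize("NFKC", name)
    name = name.replace("\\", "/").split("/")[-1]  # drops ../, /etc/, C:\ prefixes
    name = _UNSAFE.sub("_", name).lstrip(".")      # ".env" becomes "env", "..." -> ""
    return name[:200] or None


def handle_upload(headers: Dict[str, str], filename: str, body: bytes,
                  expected_key: str, upload_dir: str) -> Tuple[int, str]:
    """Apply every check in order; returns an HTTP-style (status, message)."""
    presented = headers.get("Authorization", "")
    presented = presented[len("Bearer "):] if presented.startswith("Bearer ") else ""
    if not key_matches(presented, expected_key):
        return 401, "bad api key"
    if len(body) > MAX_UPLOAD_BYTES:
        return 413, "upload too large"
    name = safe_filename(filename)
    if name is None:
        return 400, "bad filename"
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, dest]) != root:  # belt and braces after safe_filename
        return 400, "path escapes upload dir"
    try:  # O_EXCL: never overwrite an existing upload
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return 409, "file exists"
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return 201, name


def run_demo() -> dict:
    """Exercise the checks with constructed requests in a temp dir; returns outcomes."""
    workdir = tempfile.mkdtemp()
    key = generate_api_key()
    env_path = os.path.join(workdir, ".env")
    write_env_key(env_path, key)
    good = {"Authorization": "Bearer " + key}
    return {
        "env_mode": oct(os.stat(env_path).st_mode & 0o777),
        "no_key": handle_upload({}, "a.txt", b"hello", key, workdir)[0],
        "wrong_key": handle_upload({"Authorization": "Bearer " + key[:-1]},
                                   "a.txt", b"hello", key, workdir)[0],
        "ok": handle_upload(good, "a.txt", b"hello", key, workdir),
        "duplicate": handle_upload(good, "a.txt", b"hello", key, workdir)[0],
        # traversal attempt lands inside workdir as plain "passwd", not at /etc/passwd
        "traversal": handle_upload(good, "../../etc/passwd", b"x", key, workdir),
        "too_big": handle_upload(good, "big.bin", b"x" * (MAX_UPLOAD_BYTES + 1),
                                 key, workdir)[0],
    }


if __name__ == "__main__":
    print(run_demo())
```

The order of checks matters: authentication runs before anything touches the body or filesystem, so an unauthenticated caller learns nothing about size limits or naming rules, and the filename check is applied twice (sanitize, then confirm the resolved path stays under the upload root) so a regression in one layer is still caught by the other.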


Tags: automation, bridge, file-upload, latest, utility
