Sendme

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent peer-to-peer file transfer skill, but users should confirm exactly which files are shared, protect transfer tickets, and install sendme from a trusted source.

Install sendme only from a trusted package source, use the skill only for files or folders you intentionally want to share, keep transfer tickets private, and run receive commands from a directory where you are comfortable saving incoming files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the wrong folder is chosen, more files than intended could be made available to the recipient.

Why it was flagged

The skill can direct the agent to run a file-transfer CLI on arbitrary user-provided paths, including entire directories. This is central to the purpose, but accidental broad paths could share more data than intended.

Skill content

sendme send <path> ... Accepts a file or directory path ... For directories, sendme bundles the entire folder recursively.

Recommendation

Confirm the exact file or folder before sending, avoid broad home or project directories unless intended, and stop the send process when the transfer is complete.

What this means

Anyone who receives the ticket while the sender is online may be able to download the shared file or folder.

Why it was flagged

The transfer ticket functions as the access mechanism for receiving the shared data, and transfers may use relay infrastructure. This is disclosed and purpose-aligned, but users should treat tickets as sensitive.

Skill content

Outputs a ticket — a long base32-encoded string the recipient needs ... Connection: Direct peer-to-peer with TLS encryption. Falls back to relay servers if direct connection fails.

Recommendation

Share tickets only with the intended recipient, avoid posting them in public or shared logs, and interrupt the sender after the intended transfer finishes.

What this means

Using an unintended or compromised package source could install a different binary than expected.

Why it was flagged

Installing the required CLI is expected for this skill, but the Cargo alternative is unpinned and is not reflected in the registry install specification, which only declares Homebrew.

Skill content

If `sendme` is not installed: brew install sendme ... Alternatively, install via Cargo: `cargo install sendme`

Recommendation

Prefer the declared Homebrew installation or verify the Cargo package source and version before installing.