ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kimi文件传输

将本地最多5个文件发送到当前Kimi对话中供用户下载,支持任意类型文件。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 245 · 1 current installs · 1 all-time installs
by@chongjie-ran
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the SKILL.md: the skill's goal is to send up to 5 local files into the current Kimi conversation. Nothing in the metadata or SKILL.md requests unrelated services, binaries, or credentials.
!
Instruction Scope
The SKILL.md tells the agent to call kimi_upload_file(paths=[...]) to send arbitrary local files. That is in-scope for a file-transfer skill, but the instructions are terse and grant the agent authority to read and upload any local path the user names (examples include paths like memory/db-ai-agent-strategy.md). There are no explicit constraints, confirmation steps, or warnings about sensitive files, so the agent could easily be used to exfiltrate secrets or internal state without safeguards.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes install risk because nothing is written to disk by the skill bundle itself.
Credentials
No environment variables, credentials, or config paths are requested. However, the skill implicitly depends on a tool (kimi_upload_file) and on the agent having filesystem access and upload capability. The SKILL.md does not document what permissions the kimi_upload_file tool requires or who can access uploaded files.
Persistence & Privilege
always is false and there is no install behavior that would make the skill persistent or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges here.
What to consider before installing
This skill appears to do what it says (upload local files to the Kimi conversation) but the runtime instructions allow the agent to read and upload any local path you specify — including possibly sensitive internal files (agent memory, credentials, logs). Before installing or using it, verify: (1) what the kimi_upload_file tool does and who can access the uploaded files on the server, (2) that the agent will prompt for explicit confirmation before uploading sensitive paths, and (3) you avoid naming or auto-sending files that contain secrets (API keys, ~/.ssh, agent memory or database files). If you need stricter safety, request that the skill author add explicit confirmation steps, a whitelist of allowed directories, or a preview of files to be uploaded.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
file-transfervk976f63zg723jbt7cmnsawrrgx8200crkimivk976f63zg723jbt7cmnsawrrgx8200crlatestvk976f63zg723jbt7cmnsawrrgx8200cruploadvk976f63zg723jbt7cmnsawrrgx8200cr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Kimi文件传输 | kimi-file-transfer

将本地文件发送到Kimi对话中供用户下载。

作者

SC&Chongjie

功能

  • 将本地文件发送到当前Kimi对话
  • 支持任意文件类型
  • 每次最多5个文件

触发词

"发送文件给我"
"传输文件"
"文件到Kimi"
"上传文件到对话"

使用方法

方式1: 直接对话中请求

用户: SC,把 memory/db-ai-agent-strategy.md 发给我
SC: (自动调用工具传输文件)

方式2: 指定多个文件

用户: 把 these files 发给我: file1.md, file2.pdf

技术实现

# 使用 kimi_upload_file 工具
kimi_upload_file(paths=["/path/to/file.md"])

适用场景

  1. 文档共享: 将本地Markdown/文档发送到对话
  2. 素材传输: 图片、PDF等文件快速传输
  3. 代码分享: 直接发送代码文件到对话

限制

  • 每次最多5个文件
  • 文件必须在本地可访问
  • 支持任意文件类型

更新日志

v1.0.0 (2026-02-28)

  • 初始版本发布
  • 支持单文件/多文件传输

联系作者

如有问题或建议,欢迎反馈!

Skill by SC&Chongjie 🤖

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…