ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LookupMark File Sender

v1.1.0

Find and send local files to a chat channel (Telegram, Discord, WhatsApp, Signal, Slack). Use when the user asks to receive, send, or share a file from the l...

0· 0·0 current·0 all-time
by@lookupmark
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims no required binaries or credentials, but the script invokes the external CLI binary `openclaw` to deliver files. The SKILL.md also instructs the agent to search the entire filesystem (e.g., find /), which is a powerful capability that should be explicitly declared and justified. The undeclared dependency on `openclaw` and the lack of declared permissions/configuration are incoherent with the advertised 'no requirements'.
!
Instruction Scope
SKILL.md tells the agent to perform a read-only search across the entire filesystem and to use `find`/`locate`. While read-only, this grants access to potentially sensitive files. The doc instructs the agent not to send secrets unless explicitly requested, but does not provide robust automated checks or safe-guards to reliably prevent accidental exfiltration. The instructions also allow sending any file type and ask the agent to confirm ambiguous paths — this depends on correct agent behavior and user confirmation to avoid leaks.
Install Mechanism
There is no install spec (instruction-only), which limits code written to disk at install time. However, the included script executes an external CLI (`openclaw`) at runtime; because the binary is not declared in requirements, the skill's runtime dependency is undocumented. No downloads or archives are used.
!
Credentials
The skill declares no required environment variables or credentials, yet sending messages via `openclaw` will typically rely on the agent/system having configured credentials or tokens for chat integrations. These credentials and any openclaw config are not declared or scoped, so the skill may implicitly access or cause use of existing messaging credentials without the user being made aware.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. However, because autonomous invocation is allowed by default, the agent could be triggered to run filesystem searches and send files without explicit real-time human review; combined with the wide filesystem search this raises operational risk and should be considered when enabling autonomous runs.
What to consider before installing
This skill can locate and send arbitrary local files, which is useful but also risky. Before installing or enabling it: (1) confirm you have and trust the `openclaw` CLI (the script depends on it but the skill doesn't declare it); (2) restrict or audit agent access to sensitive paths (avoid allowing searches across / if you don't want system/private files exposed); (3) require explicit user confirmation before any send, and consider adding automated checks to detect secrets (passwords, API keys) in files; (4) review what credentials/config for messaging are present on the host, since the skill will use them implicitly; and (5) only enable autonomous invocation if you trust the agent's judgment and the environment. If you want lower risk, ask the author to (a) declare `openclaw` as a required binary, (b) add explicit allowed search paths or opt-in behavior for sensitive directories, and (c) add server-side or local checks to avoid accidental secret exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97erdmmwgq8jbwzmc5bww8tjx8449h6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

File Sender

Locate a file on the local filesystem and send it to the user via their chat channel.

Workflow

  1. Understand the request — Identify which file the user wants. May be a name, partial path, or description.
  2. Search for the file — Use find or locate to locate it. Search is read-only; never modify, move, or delete files.
  3. Confirm with the user — If multiple matches exist, list them and ask which one to send. If the path is ambiguous, confirm before sending.
  4. Send the file — Run the bundled script:
python3 scripts/send_file.py "<file_path>" --target <chat_id> --channel <channel>

Flags

FlagDescription
--channelTarget channel: telegram, discord, whatsapp, signal, slack (default: telegram)
--targetRecipient: chat id, @username, phone number
--force-documentSend as document instead of media (preserves original, no compression). Use for PDFs, code files, archives.

Examples

# Send a PDF to Telegram
python3 scripts/send_file.py "/home/user/doc.pdf" --target 113175206 --channel telegram --force-document

# Send an image (let Telegram display it natively)
python3 scripts/send_file.py "~/Photos/cat.jpg" --target 113175206 --channel telegram

File Search

Use shell commands to locate files. Prefer find with -readable flag:

find / -name "filename*" -readable -type f 2>/dev/null

Or search by partial name or extension:

find ~ -iname "*budget*" -type f 2>/dev/null

Constraints

  • Read-only: Never modify, move, or delete files during search or delivery.
  • Size limit: Telegram caps files at 50 MB. Warn the user if a file exceeds this.
  • Permissions: Only send files the agent can read. If access is denied, inform the user.
  • No secrets: Do not send files containing passwords, API keys, or tokens unless the user explicitly requests it.
  • Confirmation: Always confirm the file path with the user before sending, unless the path was explicitly provided.

Multi-Channel Support

The skill is channel-agnostic. To support a new channel, pass the appropriate --channel value:

  • telegram — Uses openclaw message send --media
  • discord — Same command, different channel
  • whatsapp — Same command, target is E.164 phone number
  • signal — Same command, target is E.164 phone number
  • slack — Same command, target is channel/user

The user's preferred channel and target ID can be stored in TOOLS.md for convenience.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…