File Sender

Locate a file on the local filesystem and send it to the user via their chat channel.

Workflow

1. Understand the request — Identify which file the user wants. May be a name, partial path, or description.
2. Search for the file — Use find or locate to locate it. Search is read-only; never modify, move, or delete files.
3. Confirm with the user — If multiple matches exist, list them and ask which one to send. If the path is ambiguous, confirm before sending.
4. Send the file — Run the bundled script:

python3 scripts/send_file.py "<file_path>" --target <chat_id> --channel <channel>

Flags

Flag	Description
--channel	Target channel: telegram, discord, whatsapp, signal, slack (default: telegram)
--target	Recipient: chat id, @username, phone number
--force-document	Send as document instead of media (preserves original, no compression). Use for PDFs, code files, archives.

Examples

# Send a PDF to Telegram
python3 scripts/send_file.py "/home/user/doc.pdf" --target 113175206 --channel telegram --force-document

# Send an image (let Telegram display it natively)
python3 scripts/send_file.py "~/Photos/cat.jpg" --target 113175206 --channel telegram

File Search

Use shell commands to locate files. Prefer find with -readable flag:

find / -name "filename*" -readable -type f 2>/dev/null

Or search by partial name or extension:

find ~ -iname "*budget*" -type f 2>/dev/null

Constraints

• Read-only: Never modify, move, or delete files during search or delivery.
• Size limit: Telegram caps files at 50 MB. Warn the user if a file exceeds this.
• Permissions: Only send files the agent can read. If access is denied, inform the user.
• Confirmation: Always confirm the file path with the user before sending, unless the path was explicitly provided.

Security Behavior

Marco (owner) has full access to ALL his files, including sensitive ones.

The agent should:

• ✅ Send any file Marco explicitly requests — documents, IDs, certificates, keys, anything
• ✅ Trust that Marco knows what he's asking for — don't lecture or refuse
• ✅ Just confirm the file if there's ambiguity ("which one?") and send it

The agent should NOT:

• ❌ Refuse to send Marco's own files with "I can't send sensitive documents"
• ❌ Add unnecessary warnings about security for routine requests
• ❌ Block access to Marco's own data

Actual threats to protect against:

• Someone else in a group chat asking for Marco's files → refuse and notify Marco
• External/unauthorized requests → verify identity before sending
• Credentials in ~/Documenti/credentials/ → use encrypted send flow (cred_manager.py)

In direct chat with Marco: he's the owner, full access, no questions asked.

Multi-Channel Support

The skill is channel-agnostic. To support a new channel, pass the appropriate --channel value:

• telegram — Uses openclaw message send --media
• discord — Same command, different channel
• whatsapp — Same command, target is E.164 phone number
• signal — Same command, target is E.164 phone number
• slack — Same command, target is channel/user

The user's preferred channel and target ID can be stored in TOOLS.md for convenience.

Encrypted Credentials

Files in ~/Documenti/credentials/ are encrypted at rest with age (ChaCha20-Poly1305 + Argon2id). They are never indexed by the RAG system.

📥 Incoming File Policy (MANDATORY)

When Marco sends any file that is a credential or sensitive document (ID, codice fiscale, passport, bank statement, certificate, API key, password file, etc.):

1. Download the file to a temp location (e.g. /tmp/)
2. Encrypt it immediately with cred_manager.py encrypt <file>
3. Move the .age file to ~/Documenti/credentials/
4. Delete the plaintext from temp
5. Confirm to Marco that the file is stored encrypted

When Marco sends a non-sensitive file (photo, meme, code snippet, etc.):

• Handle normally — no encryption needed.

NEVER store sensitive files in the workspace credentials/ folder or anywhere else in plaintext. The canonical encrypted store is always ~/Documenti/credentials/.

Workflow

1. User stores a credential file → cred_manager.py encrypt <file> → plaintext deleted, .age file kept
2. User requests a credential via chat → agent decrypts to memory only → sends via pipe → securely wipes temp

Commands

# Encrypt a local file (plaintext deleted after encryption)
python3 scripts/cred_manager.py encrypt ~/path/to/api-key.txt

# Encrypt but keep original
python3 scripts/cred_manager.py encrypt ~/file --keep

# Receive a file (e.g. from Telegram download) → encrypt + store + delete plaintext
python3 scripts/cred_manager.py receive /tmp/downloaded-file.pdf --name "bank-statement"

# List encrypted files
python3 scripts/cred_manager.py list

# Decrypt to stdout (inspection)
python3 scripts/cred_manager.py decrypt ~/Documenti/credentials/api-key.txt.age

# Decrypt and send via Telegram (plaintext NEVER touches disk)
python3 scripts/cred_manager.py send ~/Documenti/credentials/api-key.txt.age -t 113175206

Security Model

Layer	Protection
Encryption	age X25519 + ChaCha20-Poly1305 (keypair, no passphrase)
Keypair	Private: ~/.local/share/local-rag/cred-key.txt (chmod 600)
Storage	~/Documenti/credentials/*.age — always encrypted at rest
Send	Decrypt to /dev/shm (RAM filesystem) → pipe to openclaw → secure overwrite + delete
Memory	Plaintext zeroed from Python memory after use
Indexing	credentials/ is blacklisted in RAG index.py
Indexing	credentials/ is blacklisted in RAG index.py

Constraints

• NEVER store plaintext in ~/Documenti/credentials/
• NEVER store plaintext credentials anywhere — workspace credentials/, /tmp/, or elsewhere
• NEVER index credentials/ directory
• NEVER leave sensitive files in the workspace after encryption
• No passphrase needed — uses age keypair (private key at ~/.local/share/local-rag/cred-key.txt, chmod 600)
• ALWAYS confirm with user before sending credentials
• If /dev/shm is unavailable, fall back to tmpdir with 0600 permissions
• Secure delete: overwrite file with zeros, flush, then remove