ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PrivateBin Upload Skill

v1.0.0

Upload content to a PrivateBin instance and return a shareable link. Use when the user wants to share text, code, reports, or files via paste URL with option...

0· 374·0 current·0 all-time
by@kafcoppelia
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md explicitly uses the privatebin CLI to create pastes, references the config (~/.config/privatebin/config.json), and supports expected options (expiry, password, burn-after-reading). The package.json dependency on privatebin-cli aligns with the stated purpose.
Instruction Scope
Instructions stay within upload scope (check CLI, read user-provided file or stdin, run privatebin create --output=json, parse paste_url). They do instruct reading a file path supplied by the user and the PrivateBin config file, which is expected; there is an inherent privacy risk because uploads go to the configured host (default privatebin.net or any host the config/flags specify).
Install Mechanism
No install spec is included (instruction-only skill). The README documents normal ways to install the privatebin CLI from known sources (brew, package manager, GitHub releases). Nothing in the skill downloads arbitrary code or writes unexpected files.
Credentials
The skill requests no environment variables, secrets, or unrelated credentials. It operates via the privatebin CLI and the user's PrivateBin config. No excessive credential access is required.
Persistence & Privilege
always:false and no special permissions; the skill does not request persistent or platform-wide privileges and does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: it relies on your local privatebin CLI and your PrivateBin config to upload content and return a link. Before using it, verify: (1) the privatebin CLI you install comes from the official project or repository, (2) the configured PrivateBin host (~/.config/privatebin/config.json or the --host flag) is trusted — uploads go to that host and may be visible to the host operator, (3) you should not upload secrets or private data unless you intend that recipient/host to have access, and (4) if you want tighter privacy use password protection or burn-after-reading and confirm the paste URL before sharing. The skill itself requests no unrelated credentials and does not perform unexpected actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk9746rdb332k899wttmyh5zgns823dnp
374downloads
0stars
1versions
Updated 5h ago
v1.0.0
MIT-0
@kafcoppelia
latest
Download

PrivateBin Upload Skill

When to Use

Use this skill when:

  • User wants to upload/share text, code, reports, or files via a paste link
  • User mentions "paste", "privatebin", "shareable link", "burn after reading", or "password-protect"
  • User needs expiry-controlled or one-time viewing sharing

Do NOT use this skill when:

  • User only wants to read an existing paste (use privatebin show <url> directly)
  • No content or file has been identified to upload
  • User is asking about PrivateBin in general without intent to upload

Input / Output

Input:
  content:    string | file_path   # text/code to upload, or file path
  formatter?: plaintext | markdown | syntaxhighlighting  # default: plaintext
  expire?:    5min | 10min | 1hour | 1day | 1week | 1month | 1year | never
  burn_after_reading?: boolean     # default: false
  password?:  string               # ask user if requested
  attachment?: boolean             # true for binary/image/archive files
  bin?:       string               # named instance from config

Output:
  paste_url:  string   # shareable link to present
  expire:     string   # expiry setting used
  password?:  string   # echoed back if set

Steps

  1. Check CLI — Run privatebin --version. If not found, install privatebin-cli and stop until user resolves it.

  2. Check config — Verify ~/.config/privatebin/config.json exists. If missing, run:

    privatebin init                                 # default: privatebin.net
privatebin init --host https://bin.example.com  # custom host

  3. Determine parameters — Infer formatter, expiry, attachment from context. Use defaults (plaintext, 1day) if unspecified. Ask for password only if user requested it.

  4. Run upload — Use --output=json as global flag (before create):

    # Text/code via stdin
printf '%s' "<content>" | privatebin --output=json create [flags]

# From file
privatebin --output=json create --filename=/path/to/file [flags]

# File attachment
privatebin --output=json create --attachment --filename=/path/to/file [flags]

  5. Parse response — Extract paste_url from JSON:

    { "paste_id": "...", "paste_url": "https://bin.example.com?id#key", "delete_token": "..." }

  6. Confirm — Present paste_url, expiry, and password (if set) to user.

Common Flags

FlagExampleUse Case
Formatter--formatter=markdownMarkdown reports
Expiry--expire=10minQuick share
Burn--burn-after-readingOne-time secret
Password--password=secretAccess control
Attachment--attachmentBinary/image files

On Failure

ErrorAction
CLI not foundGuide user to install (see README.md)
no privatebin instance configuredRun privatebin init --host <url> --force
Rate limitWait 10s, retry once. If fails again, report to user
Upload errorShow error message. Check host URL, network, config

Comments

Loading comments...