ssh_file_manager

v1.0.0

Manage files on remote machines over Tailscale SSH (Tailnet). Use this skill when the user needs to list, read, write, delete, move, copy, search, chmod, pus...

⭐ 0· 68·0 current·0 all-time

by@xeon0v0

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xeon0v0/ssh-filemanager.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "ssh_file_manager" (xeon0v0/ssh-filemanager) from ClawHub.
Skill page: https://clawhub.ai/xeon0v0/ssh-filemanager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ssh-filemanager

ClawHub CLI

Package manager switcher

npx clawhub@latest install ssh-filemanager

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

Name/description match the included scripts: both ssh_file_manager.py and ssh_tunnel.py implement remote file ops over SSH/SCP. However, the registry metadata declares no required binaries, while the skill clearly depends on system 'ssh', 'scp', and 'python3' being present; that omission is an incoherence you should fix/verify before installing.

Instruction Scope

SKILL.md instructs the agent to run the included helper scripts and to enforce safety rules (ask for confirmation on destructive ops, path sanitization, and a fallback when remote Python is missing). The actual scripts do not implement path traversal protection (they only escape single quotes) nor do they implement an explicit 'do not traverse above /' check or an automatic fallback when remote Python is missing. In short: operational safety is documented but not enforced by the code.

ℹ

Install Mechanism

There is no install spec (instruction-only), which is low-risk. The package nonetheless includes two executable Python scripts that the agent will invoke from disk; ensure the runtime will run these local files and that you trust their contents (we reviewed them here).

✓

Credentials

The skill requests no environment variables or credentials, which is proportional to its stated purpose. It relies on existing SSH auth (keys/agent/authorized access) provided by the environment — expected for an SSH-based tool.

✓

Persistence & Privilege

always is false and the skill is user-invocable. Autonomous invocation is allowed (platform default) but not combined with elevated persistence. Nothing in the package attempts to modify other skills or global agent configuration.

Assessment

This skill appears to do what it says (remote file management over SSH), but check a few things before enabling it: 1) Ensure the runtime has ssh, scp, and python3 available — the registry metadata omits these requirements. 2) Be aware the scripts use StrictHostKeyChecking=accept-new (they will auto-accept new host keys), which eases first-time connections but can increase MITM risk on initial contact. 3) The SKILL.md promises path-sanitization and a fallback when remote Python is missing, but the code only escapes single quotes and does not prevent '..' traversal or implement a fallback — treat user-supplied paths carefully and always confirm destructive operations. 4) Because the agent will execute SSH/SCP commands using whatever SSH identity it has access to, only enable this skill if you trust the agent's environment and the set of reachable Tailnet hosts. If you want higher assurance, run the scripts in a restricted environment or manually review and test them on a non-production node first.

Like a lobster shell, security has layers — review code before you run it.

latestvk975qaaz80zezdq0ajtqzcxp0d84xr0f

68downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

Tailnet SSH File Manager

Overview

This skill enables file management between the OpenClaw Gateway and remote OpenClaw Nodes through Tailscale SSH (Tailnet). It wraps system ssh, scp, and sftp commands via the helper script scripts/ssh_file_manager.py.

Pre-requisites

The local machine (Gateway) must be connected to the same Tailnet as the target node.
Tailscale SSH must be enabled on the target node and allowed by Tailscale ACLs.
The target node must be reachable via its Tailscale IP or MagicDNS hostname (e.g. node-name.tailXXXX.ts.net).

Workflow

Determine the remote node's Tailscale identifier (host). Ask the user if it is ambiguous.
Determine the requested operation (action) and the relevant path(s).
File size check:
- If reading/writing text content and the estimated size is < 3KB, you may use read or write with inline content.
- If the file is >= 3KB, or if transferring binary files, always use push (local -> remote) or pull (remote -> local) via scp.

Run the helper script:

python3 {baseDir}/scripts/ssh_file_manager.py <action> --host <host> [args...]

Parse the JSON output and present results to the user. If success is false, surface the error message.

Supported Actions

Action	Description	Command Example
`list`	List directory entries with size, mode, and mtime.	`python3 {baseDir}/scripts/ssh_file_manager.py list --host node.tailXXXX.ts.net --path /home/user`
`read`	Read a remote file as text or base64.	`python3 {baseDir}/scripts/ssh_file_manager.py read --host node.tailXXXX.ts.net --path /home/user/file.txt`
`write`	Write text or base64 content to a remote file.	`python3 {baseDir}/scripts/ssh_file_manager.py write --host node.tailXXXX.ts.net --path /home/user/file.txt --content "Hello"`
`delete`	Delete a remote file or directory recursively.	`python3 {baseDir}/scripts/ssh_file_manager.py delete --host node.tailXXXX.ts.net --path /home/user/old.txt`
`move`	Move/rename a remote file or directory.	`python3 {baseDir}/scripts/ssh_file_manager.py move --host node.tailXXXX.ts.net --src /tmp/a --dst /tmp/b`
`copy`	Copy a remote file or directory recursively.	`python3 {baseDir}/scripts/ssh_file_manager.py copy --host node.tailXXXX.ts.net --src /tmp/a --dst /tmp/b`
`stat`	Get file metadata (size, mode, uid, gid, mtime, is_dir).	`python3 {baseDir}/scripts/ssh_file_manager.py stat --host node.tailXXXX.ts.net --path /home/user/file.txt`
`find`	Search for files by name pattern under a path.	`python3 {baseDir}/scripts/ssh_file_manager.py find --host node.tailXXXX.ts.net --path /home/user --name "*.log"`
`chmod`	Change file permissions.	`python3 {baseDir}/scripts/ssh_file_manager.py chmod --host node.tailXXXX.ts.net --path /home/user/script.sh --mode 755`
`push`	Copy a local file to the remote node via scp.	`python3 {baseDir}/scripts/ssh_file_manager.py push --host node.tailXXXX.ts.net --local /tmp/local.bin --remote /tmp/remote.bin`
`pull`	Copy a remote file to the local machine via scp.	`python3 {baseDir}/scripts/ssh_file_manager.py pull --host node.tailXXXX.ts.net --remote /tmp/remote.bin --local /tmp/local.bin`

Safety Rules

Destructive operations (write, delete, move, chmod): Always ask the user for explicit confirmation before invoking the script.
Payload limit: Do not attempt to inline base64-encode files larger than 3KB through OpenClaw's node.invoke. Use push/pull (scp) instead.
Path sanitization: Do not traverse above / unless explicitly requested. Verify absolute paths when provided by the user.
Connection check: If a command fails with a connection error, you may first run python3 {baseDir}/scripts/ssh_tunnel.py check --host <host> to verify Tailscale SSH reachability.

Edge Cases

Target host offline or not in the tailnet -> connection timeout. Run ssh_tunnel.py check to diagnose.
Permission denied -> user lacks SSH/ACL access or file permissions on the remote node.
Remote path does not exist -> script returns success: false with details.
Binary file read -> use read with --format base64.
Remote node missing Python 3 -> list and stat may fail; fallback to raw ssh commands if needed.

Comments

Loading comments...