Expiring Local Fileshare
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a real local filesharing helper, but active share tokens are stored in a predictable /tmp log and the sharing server keeps running until stopped.
Review this skill before installing if you use a shared machine or sensitive workspace files. If you use it, share only intended files, keep expirations short, stop the printed server PID when done, and be aware that the active link may be written to /tmp while the share is running.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A selected workspace file can be downloaded over the local network while the share is active.
The skill opens an HTTP server on all interfaces and creates a bearer-token URL. That is expected for the filesharing purpose, but users should understand it makes the chosen file reachable from allowed local/VPN networks by anyone with the token.
server.listen(port, '0.0.0.0', () => { ... const shareUrl = `http://${localIp}:${port}/?token=${token}`;
Only share files you intend to expose, use short expirations or one-time links where appropriate, and avoid sharing from untrusted networks.
Another local user or process that can read the temp log may obtain the active link and download the shared file until the token expires.
The wrapper writes the server output, including the tokenized share link, to a predictable /tmp log and then reads the link back from that file. The artifacts do not show chmod, cleanup, or another protection for that bearer token.
node "$SHARE_SCRIPT" "$FILE_PATH" "$PORT" "$HOURS" "$ONCE" > /tmp/share-$PORT.log 2>&1 & ... LINK=$(grep "Link:" /tmp/share-$PORT.log
Store the log in a private directory with restrictive permissions, remove the token from logs after reading it, or create the temp file with mode 600 and clean it up when the share stops.
A local listening process may remain running longer than expected, even though expired tokens should no longer serve the file.
The share server is intentionally started in the background and must be stopped manually. The PID is disclosed, so this is not hidden persistence, but the server process can remain after the token expires.
node "$SHARE_SCRIPT" "$FILE_PATH" "$PORT" "$HOURS" "$ONCE" > /tmp/share-$PORT.log 2>&1 & PID=$! ... echo "Server PID: $PID | Stop: kill $PID"
Kill the printed PID when finished, or update the skill to automatically shut down the server at expiry or after one-time use.
