Scan Report
5 /100
file-sender
Find and send local files to a chat channel (Telegram, Discord, WhatsApp, Signal, Slack)
This is a legitimate file-sharing skill with well-documented read-only filesystem access, proper constraints against sending secrets, and no hidden or malicious behavior detected.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/send_file.py:48 os.access(resolved, os.R_OK) |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md documents find commands; scripts/send_file.py:55 subprocess.run() |
| Network | READ | READ | ✓ Aligned | Delegates to openclaw message send --media; no direct network calls in code |
| Environment | NONE | NONE | — | No os.environ access detected |
| Skill Invoke | NONE | EXECUTE | ✓ Aligned | Script calls openclaw CLI command |
File Tree
2 files · 5.8 KB · 157 lines Python 1f · 86L
Markdown 1f · 71L
├─
▾
scripts
│ └─
send_file.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ Clear documentation with explicit read-only constraints
✓ Explicit 'No secrets' policy against sending files with passwords, API keys, or tokens
✓ Size limit enforcement (50MB) prevents accidental large file transfers
✓ User confirmation requirement before sending files
✓ Permission checks before file access
✓ No credential harvesting or environment variable access
✓ Delegates to trusted openclaw CLI rather than making direct network calls
✓ Subprocess calls are documented and scoped to legitimate file-sending functionality
✓ No base64 encoding, eval, or other obfuscation techniques
✓ No downloads or external script execution