Security scan
OpenClaw
Safe
high confidence
Assessment and recommendations
This skill appears to do what it says: it runs Node scripts that call a PHP proxy you specify and will send your FTP username/password and file contents to that proxy. Before installing: (1) only use a PHP proxy URL you control or fully trust — do not point to a third-party endpoint you don't administer, (2) if possible set and require ftp_php_apikey and host controls on the proxy, (3) host the PHP proxy on HTTPS with a valid certificate (the client currently allows self-signed certs by default)...
✓ Purpose and capabilities
Name/description, required binary (node), and the single required env var (FTP_PHP_CONFIG) are consistent with a Node-based FTP client that proxies operations through a PHP HTTP endpoint. The env JSON fields (ftp_php_domain, ftp_client_host, ftp_client_username/password, etc.) are exactly what this proxy-based design needs.
ℹ Instruction scope
Runtime instructions and included scripts stay within the described scope (list, upload, download, read, write, delete, move, copy, mkdir). However, the runtime will: (1) read local files for uploads and --stdin content, (2) write downloaded files to local disk, and (3) transmit FTP credentials and file contents to the configured ftp_php_domain. The client also sets HTTPS option rejectUnauthorized: false (accepts self-signed certs), which reduces TLS protections if used with untrusted endpoints.
✓ Install mechanism
There is no packaged install step; code files are included and require only Node to run. No external downloads or installers are invoked. This is low-risk from an install mechanism standpoint (nothing fetched/executed from arbitrary URLs).
ℹ Credential requirements
Only one environment variable is required (FTP_PHP_CONFIG) and it contains the FTP server credentials, proxy URL, and optional API key — which are necessary for the skill to operate. That is proportionate, but it means sensitive credentials and file contents will be stored in the skill environment and sent to the configured PHP proxy, so you must trust the proxy endpoint/operator.
✓ Persistence and privileges
The skill is not forced-always, does not request elevated platform privileges, and does not alter other skills or global agent config. Autonomous invocation is allowed (platform default) but not combined with any suspicious persistent privileges.
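Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v0.1.0 2026/3/17
● Suspicious
Install command
Official: npx clawhub@latest install ftp-client-php
Mirror: npx clawhub@latest install ftp-client-php --registry https://cn.longxiaskill.com (mirror sync in progress)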