Security scan
OpenClaw
Suspicious
medium confidence
The skill claims full FTP/SFTP incremental sync but the code only simulates syncing and warns you to install paramiko or use rsync — functionality and implementation are inconsistent and there are minor security/privacy concerns (passwords on CLI).
Assessment recommendations
This skill is not obviously malicious, but it is incomplete: the Python script only simulates sync and tells you to install paramiko or use rsync to perform real transfers. Before using it, consider: 1) verify the author/source and prefer skills with explicit dependency lists (paramiko) and implemented network code; 2) avoid passing passwords on the command line (use SSH keys or prompt-based input) because CLI passwords can appear in process lists or shell history; 3) run in dry-run mode first a...
ℹ Purpose and capabilities
The name/description promise SFTP support and incremental backups, which is reasonable for an FTP sync tool. However, the included script does not implement network SFTP/FTP operations — it only simulates sync, prints warnings, and points to external tools (paramiko or rsync). The meta says python3 is required but does not declare paramiko as a dependency. This is an implementation gap (not necessarily malicious) but it is an incoherence: the skill advertises capabilities it does not actually provide.
ℹ Instruction scope
SKILL.md gives straightforward CLI examples that run the included Python script. It does not instruct the agent to read unrelated files or credentials. It does encourage passing passwords on the command line (e.g., --password), which can leak to process listings — a privacy/security caveat but not out-of-scope for the described task.
✓ Install mechanism
There is no install spec (instruction-only plus one script). _meta.json lists python3 in bins which is consistent. No downloads, external install URLs, or archive extraction are present.
ℹ Credential requirements
The skill requests no environment variables or credentials via metadata. The runtime examples accept passwords via CLI arguments which can expose secrets (process list, shell history). The script mentions paramiko but doesn't declare it as a required dependency. No unrelated credentials are requested.
✓ Persistence and privileges
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide configs.
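Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/16
Initial release of ftp-sync:
- Supports file synchronization between local and remote servers (FTP/SFTP)
- Implements incremental sync and backup
- Provides sync reports and diff comparison
- Supports key-based authentication for login
- Suitable for website maintenance and server administration
● Benign
Install command
Official: npx clawhub@latest install ftp-sync
Mirror (accelerated): npx clawhub@latest install ftp-sync --registry https://cn.longxiaskill.com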