📦 Temp Access Link — 限时文件分享
v1.0.0一键生成带自动过期时间的安全访问链接,轻松实现文件限时分享,无需担心永久泄露。
0· 82·0 当前·0 累计
by 下载技能包
最后更新
2026/3/23
安全扫描
OpenClaw
可疑
medium confidenceThe skill is an instruction-only wrapper that delegates file uploads and link generation to an external API (api.mkkpro.com); that general purpose is coherent, but missing auth/credential declarations, an unknown source, and the obvious risk of sending sensitive files to a third-party make the package suspicious.
评估建议
This skill routes file uploads and link generation through an external service (api.mkkpro.com / toolweb.in). Before installing or using it, consider: (1) The skill declares no API key or auth method — confirm whether the service requires account credentials and whether the author omitted them intentionally. (2) Any file you upload (especially sensitive documents) will be transmitted to a third-party host; verify the provider's identity, privacy policy, retention rules, and compliance posture. (...详细分析 ▾
ℹ 用途与能力
Name/description claim: generate time-limited access links. SKILL.md and openapi.json consistently describe endpoints for generating links, uploading files, and serving files at api.mkkpro.com. This functionality is coherent with the stated purpose. However, the skill provides no server/auth configuration in openapi.json and declares no required credentials or API key despite referencing a paid service and an API gateway — this omission is unexpected and reduces trust.
✓ 指令范围
SKILL.md instructions are scoped to the stated task: POST /generate-link, POST /upload-file (multipart), GET /access/{token}, GET /files/{filename}. The instructions do not tell the agent to read unrelated local files, environment variables, or system configuration. The main scope concern is that the instructions implicitly require uploading file contents to a third-party endpoint, which is consistent with the purpose but important to surface to users.
✓ 安装机制
No install spec and no code files beyond documentation; this is low-risk from an install perspective because nothing is written to disk by the skill itself. The skill will rely on the agent making outbound HTTP requests at runtime.
⚠ 凭证需求
The skill declares no required environment variables or primary credential. Yet the SKILL.md references an external API (api.mkkpro.com), pricing plans, and a Kong route. For a paid/cloud API that can receive file uploads, it is typical to require an API key or other credentials; the absence of any declared auth is inconsistent and suspicious. Additionally, users must be aware that using the skill will send file contents and file URLs to a third-party service (possible data exfiltration risk) even though no credentials are requested.
✓ 持久化与权限
Skill flags are default: always:false and model-invocation allowed. The skill does not request persistent system modifications or special privileges. No persistence-related concerns detected.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/23
- Initial release of Temporary Access Link Generator. - Generate secure, time-limited access links for sharing files, with automatic expiration and token-based authentication. - Endpoints to create links for existing file URLs or uploaded files. - Endpoint for validating tokens and retrieving file metadata, plus direct file serving for valid requests. - Suitable for secure, compliance-driven file distribution with detailed usage and pricing documentation.
● Pending
安装命令
点击复制官方npx clawhub@latest install temp-access-link
镜像加速npx clawhub@latest install temp-access-link --registry https://cn.longxiaskill.com