📦 upload-file — 文件上传
v1.0.0通过 agent-browser CLI 提供可靠的分步自动化,专用于浏览器文件上传任务,支持严格验证与错误重试。
0· 68·1 当前·1 累计
by @m1ss-cell下载技能包
最后更新
2026/4/12
安全扫描
OpenClaw
可疑
medium confidenceThe skill largely does what it claims (automates browser file uploads), but there are multiple implementation/instruction inconsistencies and a few privacy concerns (undocumented env var, incorrect script name, frequent snapshots) that should be resolved before trusting it.
评估建议
This skill appears to implement browser file uploads, but don't install blindy. Check and fix the obvious mismatches first: ensure 'agent-browser' is available on the agent PATH (the skill assumes it but metadata doesn't declare it), and note SKILL.md references 'scripts/upload_file.py' while the included file is 'scripts/upload.py' — that will break the recommended Python usage. Confirm whether OPENCLAW_WORKSPACE is used in your environment (the script will read it if present) or adjust the cod...详细分析 ▾
ℹ 用途与能力
The skill's name, description, SKILL.md and included Python script all target browser file uploads via the agent-browser CLI — that's coherent. However, the package metadata lists no required binaries while both the instructions and the script rely on an 'agent-browser' binary being on PATH. Also SKILL.md references 'scripts/upload_file.py' but the provided file is 'scripts/upload.py' (filename mismatch) which will break the recommended Python mode.
ℹ 指令范围
SKILL.md gives concrete step-by-step agent-browser commands (open, wait, find, upload, snapshot) which are in-scope for upload tasks. But the instructions/implementation call 'agent-browser snapshot' several times (fallback and verification). Snapshots capture page content and could include sensitive data (file names, page text, form fields). The skill instructs snapshots on failures and during verification by default, increasing risk of unintended data capture.
✓ 安装机制
No install spec (instruction-only plus a script) — low installation risk because nothing is downloaded or written by an installer. The included script will run externally; there is no package fetching or archive extraction.
⚠ 凭证需求
The metadata declares no required env vars, but the script reads OPENCLAW_WORKSPACE (with a default) to resolve 'workspace/...' paths. That environment variable is not documented in requires.env. The script also prints command lines and resolved paths to stdout; that may leak file paths or workspace locations into logs. No credentials are requested, but the undeclared env usage and potential log exposure are disproportionate to what the metadata claims.
✓ 持久化与权限
always is false and the skill does not request or perform system-wide persistent changes. It does not modify other skills or agent config. Autonomous invocation remains possible (default) but is not a unique risk here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/12
browser-file-upload v1.0.0 – Initial release - Provides robust, step-by-step automation for uploading files to web pages using agent-browser CLI. - Enforces a strict state-machine execution protocol to maximize reliability and error handling. - Includes a standardized upload pipeline: open page, wait, trigger file input, upload, and verify. - Supports fallback strategies and path normalization for diverse upload scenarios. - Recommends Python script mode as the most stable method, with CLI command alternatives.
● 无害
安装命令
点击复制官方npx clawhub@latest install upload-file
镜像加速npx clawhub@latest install upload-file --registry https://cn.longxiaskill.com