Internal Fileshare
Share single workspace files via expiring HTTP links (tokenized, local-network only).
Features
- - ✅ Single-file sharing (no directory browsing)
- ✅ Time-limited tokens (default 1h, configurable; max 24h)
- ✅ Optional one-time access (token invalid after first successful download)
- ✅ Local/VPN-only (RFC1918 private ranges + localhost)
- ✅ UTF-8 encoding (proper display of German umlauts, etc.)
- ✅ No-cache headers (always fresh content)
- ✅ Auto-cleanup (servers can be killed when done)
Install / Update (ClawHub)
Install:
�CODEBLOCK0
Update:
clawhub update expiring-local-fileshare
Usage
Share a single file
CODEBLOCK2
Parameters:
- -
file-path (required): Absolute path to file - INLINECODE1� (optional): Port number (default: auto-assigned 8888+)
- INLINECODE2� (optional): Validity in hours (default: 1, max: 24)
- INLINECODE3� (optional): Set to
once or 1 for one-time access
Output:
Returns clickable HTTP link with token, valid for specified duration.
Example
CODEBLOCK3
How It Works
- 1. Starts a lightweight Node.js HTTP server on specified port
- Generates random 32-char hex token
- Returns URL: �INLINECODE6
- Validates:
- Source IP (must be LAN or VPN)
- Token match
- Expiry time
- 5. Serves file with correct MIME type and UTF-8 encoding
- Logs all access attempts
Security
- - Workspace-only by default: refuses to share files outside
~/.openclaw/workspace (override via FILESHARE_ALLOW_ANY_PATH=1, not recommended) - Local-only: Only serves to private IP ranges (RFC1918) + localhost (VPN counts).
- Token-based: 128-bit random tokens (computationally infeasible to guess)
- Time-limited: Hard expiry after N hours (default 1h, max 24h)
- Optional one-time: Token invalid after first successful download
- No listing: Only serves the specified file, no directory browsing
- No caching: Forces fresh content load
Supported File Types
Auto-detected MIME types:
- -
.png → �INLINECODE10 - INLINECODE11�,
.jpeg → �INLINECODE13 - INLINECODE14� → �INLINECODE15
- INLINECODE16� → �INLINECODE17
- Others → �INLINECODE18
Disable / Uninstall
There is no background service by default.
Stop active shares
�CODEBLOCK4
Uninstall (ClawHub)
If installed into
~/.openclaw/skills:
rm -rf ~/.openclaw/skills/expiring-local-fileshare
Stopping Shares
CODEBLOCK6
Policy / Defaults
- - Single files only (no folder shares)
- Default validity: 1h
- Max validity: 24h
- Local/VPN only (RFC1918 + localhost)
- No public "anyone with link"
Troubleshooting
Wrong encoding (umlauts broken)?
→ Fixed in latest version (UTF-8 charset in headers)
Old version served?
→ Kill old server + restart (no-cache headers prevent browser caching)
Can't access from outside?
→ VPN required (home network topology uses NAT/masquerade, see docs/internal-fileshare.md)
Port already in use?
→ Use different port or kill existing server
内部文件共享
通过过期HTTP链接(令牌化,仅限本地网络)共享单个工作区文件。
功能特性
- - ✅ 单文件共享(无目录浏览)
- ✅ 限时令牌(默认1小时,可配置;最长24小时)
- ✅ 可选的单次访问(首次成功下载后令牌失效)
- ✅ 仅限本地/VPN(RFC1918私有地址范围 + 本地主机)
- ✅ UTF-8编码(正确显示德语变音符号等)
- ✅ 无缓存标头(始终提供最新内容)
- ✅ 自动清理(完成后可终止服务器)
安装/更新(ClawHub)
安装:
bash
clawhub install expiring-local-fileshare
更新:
bash
clawhub update expiring-local-fileshare
使用方法
共享单个文件
bash
{baseDir}/scripts/share.sh /path/to/file.md [port] [hours] [once]
参数说明:
- - file-path(必填):文件的绝对路径
- port(可选):端口号(默认:自动分配8888以上端口)
- hours(可选):有效期(小时)(默认:1,最大:24)
- once(可选):设置为once或1启用单次访问
输出:
返回带有令牌的可点击HTTP链接,在指定时间内有效。
示例
bash
共享Markdown文件(1小时,自动分配端口)
{baseDir}/scripts/share.sh ~/.openclaw/workspace/projects/my-project/README.md
共享图片(12小时,端口9000)
{baseDir}/scripts/share.sh ~/image.png 9000 12
共享文件(单次访问,1小时)
{baseDir}/scripts/share.sh ~/secrets.txt 9001 1 once
工作原理
- 1. 在指定端口启动轻量级Node.js HTTP服务器
- 生成随机的32字符十六进制令牌
- 返回URL:http://192.168.0.219:PORT/?token=XXXXX
- 验证:
- 源IP(必须为局域网或VPN)
- 令牌匹配
- 过期时间
- 5. 以正确的MIME类型和UTF-8编码提供文件
- 记录所有访问尝试
安全性
- - 默认仅限工作区:拒绝共享~/.openclaw/workspace之外的文件(可通过FILESHAREALLOWANY_PATH=1覆盖,不推荐)
- 仅限本地:仅服务于私有IP地址范围(RFC1918)+ 本地主机(VPN适用)
- 基于令牌:128位随机令牌(计算上不可猜测)
- 限时:N小时后强制过期(默认1小时,最长24小时)
- 可选的单次访问:首次成功下载后令牌失效
- 无目录列表:仅提供指定文件,无目录浏览
- 无缓存:强制加载最新内容
支持的文件类型
自动检测的MIME类型:
- - .png → image/png
- .jpg、.jpeg → image/jpeg
- .md → text/markdown; charset=utf-8
- .txt → text/plain; charset=utf-8
- 其他 → application/octet-stream
禁用/卸载
默认情况下没有后台服务。
停止活跃的共享
bash
终止特定端口
kill $(lsof -t -i:8888)
终止通过此技能启动的所有文件共享服务器
pkill -f share-file.js
卸载(ClawHub)
如果安装到~/.openclaw/skills:
bash
rm -rf ~/.openclaw/skills/expiring-local-fileshare
停止共享
bash
终止特定端口
kill $(lsof -t -i:8888)
终止通过此技能启动的所有文件共享服务器
pkill -f share-file.js
策略/默认设置
- - 仅限单个文件(无文件夹共享)
- 默认有效期:1小时
- 最长有效期:24小时
- 仅限本地/VPN(RFC1918 + 本地主机)
- 不公开任何有链接的人
故障排除
编码错误(变音符号显示异常)?
→ 已在最新版本中修复(标头中设置UTF-8字符集)
提供的是旧版本?
→ 终止旧服务器并重新启动(无缓存标头防止浏览器缓存)
无法从外部访问?
→ 需要VPN(家庭网络拓扑使用NAT/伪装,参见docs/internal-fileshare.md)
端口已被占用?
→ 使用不同端口或终止现有服务器
