什么是 vnsh？

vnsh 是一种主机盲数据隧道，专为 Openclaw Skills 生态系统内的安全临时文件共享而设计。通过在客户端执行 AES-256-CBC 加密，该服务确保服务器永远无法看到解密密钥。这些密钥仅存储在 URL 片段中，提供了一种强大的安全模型，只有持有完整链接的人才能访问内容。

此技能对于需要处理敏感日志、大型代码库或私有文档的 AI 智能体特别有价值。它通过将庞大的文本块转换为可控的、加密的链接（可在设定时间后自动过期），简化了在不同平台（如 Discord、T@elegrimm 或终端环境）之间共享数据的过程。

下载入口:https://github.com/openclaw/skills/tree/main/skills/raullenchai/vnsh

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

vnsh 应用场景

• 在会话期间共享超过 4000 字符的大型终端输出或代码块。
• 自动解密并分析用户提供的传入安全链接。
• 在不同的 AI 智能体或开发环境之间传递加密上下文。
• 提供在 24 小时后过期的临时零知识文件传输。

1. 该技能识别需要安全共享的文件或大型文本字符串。
2. 在本地生成唯一的 32 字节十六进制密钥和 16 字节初始化向量 (IV)。
3. 使用 OpenSSL 对内容进行加密，并作为不透明的二进制大对象 (blob) 上传到 vnsh 服务器。
4. 生成一个安全的 URL，其中包含 blob ID 和位于片段部分 (#) 的加密参数。
5. 在接收端，该技能从片段中提取密钥并在本地解密数据以进行处理。

vnsh 配置指南

要在 Openclaw Skills 框架内使用此功能，请确保您的系统中安装了 curl 和 openssl。您可以使用以下命令安装核心 CLI：

curl -sL vnsh.dev/i | sh

该技能使用 scripts/ 目录中预配置的脚本来自动处理上传和下载。

vnsh 数据架构与分类体系

该技能通过加密的远程 blob 和本地临时文件的组合来管理数据。元数据主要包含在生成的 URL 结构中。

name: vnsh
version: 1.0.0
description: Securely share files via encrypted, expiring links. Use this skill to (1) upload a local file to get a secure vnsh.dev URL, or (2) read a vnsh.dev URL to decrypt and access its content.
author: raullenchai
license: MIT
homepage: https://vnsh.dev
repository: https://github.com/raullenchai/vnsh
openclaw:
  emoji: "??"
  category: utilities
  tags:
    - encryption
    - file-sharing
    - ephemeral
    - security
    - zero-knowledge
  requires:
    bins:
      - curl
      - openssl
  install:
    - id: vnsh-cli
      kind: shell
      command: "curl -sL vnsh.dev/i | sh"
      label: "Install vnsh CLI (vn command)"

vnsh Skill — Encrypted Ephemeral File Sharing

vnsh is a host-blind data tunnel. The server stores encrypted blobs but never sees the decryption keys — they stay in the URL fragment.

? When to Use This Skill (Auto-Trigger Rules)

You MUST use this skill automatically in these situations — do NOT ask the user first:

Auto-Read: Incoming vnsh URLs

When ANY message contains a URL matching vnsh.dev/v/, immediately decrypt and process it:

1. Run read.sh with the full URL
2. Check the file extension of the output
3. If image (.png, .jpg, .gif, .webp) → use image tool to analyze
4. If text (.txt, .md, .json, .html) → use read tool to display contents
5. If PDF (.pdf) → inform user and provide the file path
6. If binary (.bin) → inform user of file type and size

Never ask "would you like me to read this vnsh link?" — just read it.

Auto-Share: Large Outputs

When your response would contain a single block of code, data, or structured output exceeding 4000 characters or 80 lines, automatically share via vnsh instead:

1. Write the content to a temp file
2. Run upload.sh to share it
3. Send the user a brief summary + the vnsh link

When NOT to auto-share (always send inline):

• Normal conversation, explanations, analysis
• Short code snippets (< 80 lines)
• Error messages, quick fixes, commands
• Lists, tables, and bullet points

Context Handoff

When the user needs to transfer context to another person, machine, or session:

1. Proactively suggest sharing via vnsh
2. Upload the content and provide the link
3. Mention that the link expires in 24h and the server never sees the content

Core Commands

Upload (Share a file)

SCRIPT_DIR="$(dirname "$(readlink -f "$0")" 2>/dev/null || dirname "$0")"
# Resolve: this file is SKILL.md, scripts are in ./scripts/
SKILL_DIR="$(cd "$(dirname "$0")" && pwd)"

# Upload with default 24h expiry
${SKILL_DIR}/scripts/upload.sh 

# Upload with custom TTL (hours)
${SKILL_DIR}/scripts/upload.sh  

Output: A single https://vnsh.dev/... URL printed to stdout.

Example — sharing a generated chart:

# 1. Save output to temp file
echo "$LARGE_OUTPUT" > /tmp/output.txt
# 2. Upload
URL=$(~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/output.txt)
# 3. Send the URL to the user

Read (Decrypt a vnsh URL)

~/.openclaw/skills/vnsh/scripts/read.sh ""

Output: The absolute path to a temp file with the correct extension (e.g., /tmp/vnsh-decrypted-XXXXX.png).

Example — reading an image:

FILE_PATH=$(~/.openclaw/skills/vnsh/scripts/read.sh "https://vnsh.dev/v/abc#k=...&iv=...")
# FILE_PATH is now /tmp/vnsh-decrypted-abcde.png
# Use the image tool to analyze it

Pipe from stdin (Share text/command output)

# Share command output directly
echo "some content" | vn

# Share a large git diff
git diff HEAD~5 | vn

# Share docker logs
docker logs mycontainer 2>&1 | vn

Workflow Recipes

Recipe 1: User sends a vnsh link via ch@t

User: "Check this out https://vnsh.dev/v/abc123#k=dead...&iv=cafe..."

Your action:
1. file_path = exec("~/.openclaw/skills/vnsh/scripts/read.sh 'https://vnsh.dev/v/abc123#k=dead...&iv=cafe...'")
2. Check extension:
   - .png/.jpg → image(image=file_path, prompt="Describe this image")
   - .txt/.md  → read(file_path=file_path)
3. Respond with analysis of the content

Recipe 2: Your output is too long for ch@t

Your action:
1. Write content to /tmp/vnsh-share-XXXXX.txt
2. url = exec("~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/vnsh-share-XXXXX.txt")
3. Reply: "The output is quite long, so I've shared it via an encrypted link:
?? {url}

Brief summary: [2-3 sentence summary]"

Recipe 3: Sharing between sessions/agents

Agent A needs to pass context to Agent B:
1. Agent A writes context to temp file
2. Agent A uploads via upload.sh, gets URL
3. Agent A sends URL to Agent B via sessions_send
4. Agent B auto-detects vnsh URL, reads it via read.sh

Recipe 4: User wants to share with someone else

User: "Send this analysis to my coworker"

Your action:
1. Write the analysis to a temp file
2. Upload via upload.sh
3. Reply: "Shared securely. The link auto-expires in 24h and the server never sees the content:
?? {url}"

Security Model

• Client-side encryption: AES-256-CBC, keys generated locally
• Fragment privacy: Keys in URL #k=... are never sent to server
• Ephemeral: Auto-deletes after TTL (default 24h, max 168h)
• Zero-knowledge: Server stores encrypted blobs, cannot decrypt

Fallback: Zero-Dependency One-Liners (No vn CLI needed)

If vn is not installed, the scripts automatically fall back to raw curl + openssl. You can also use these one-liners directly:

Share content without vn CLI:

CONTENT="your content here" && r
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && r
RESP=$(echo "$CONTENT" | openssl enc -aes-256-cbc -K $KEY -iv $IV | r
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" r
"https://vnsh.dev/api/drop") && r
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && r
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"

Share a file without vn CLI:

FILE="/path/to/file" && r
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && r
RESP=$(openssl enc -aes-256-cbc -K $KEY -iv $IV -in "$FILE" | r
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" r
"https://vnsh.dev/api/drop") && r
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && r
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"

Read a vnsh URL without vn CLI:

URL="https://vnsh.dev/v/XXXX#k=YYYY&iv=ZZZZ" && r
ID=$(echo "$URL" | sed 's|.*/v/||;s|#.*||') && r
KEY=$(echo "$URL" | sed 's|.*#k=||;s|&.*||') && r
IV=$(echo "$URL" | sed 's|.*&iv=||') && r
curl -s "https://vnsh.dev/api/blob/$ID" | openssl enc -d -aes-256-cbc -K "$KEY" -iv "$IV"

Smart Overflow: Platform-Specific Thresholds

When your reply would exceed the platform's comfortable reading length, auto-share via vnsh:

Pattern: Generate content → write to temp file → upload via upload.sh → reply with summary + vnsh URL

Troubleshooting

Links

• Website: https://vnsh.dev
• GitHub: https://github.com/raullenchai/vnsh
• MCP for Claude Code: npx vnsh-mcp