Securely share files using encrypted, expiring vnsh.dev links with the vnsh CLI for uploading and decrypting shared content.
---
name: vnsh
version: 1.0.0
description: Securely share files via encrypted, expiring links. Use this skill to (1) upload a local file to get a secure vnsh.dev URL, or (2) read a vnsh.dev URL to decrypt and access its content.
author: raullenchai
license: MIT
homepage: https://vnsh.dev
repository: https://github.com/raullenchai/vnsh
openclaw:
emoji: "๐"
category: utilities
tags:
- encryption
- file-sharing
- ephemeral
- security
- zero-knowledge
requires:
bins:
- curl
- openssl
install:
- id: vnsh-cli
kind: shell
command: "curl -sL vnsh.dev/i | sh"
label: "Install vnsh CLI (vn command)"
---
# vnsh Skill โ Encrypted Ephemeral File Sharing
vnsh is a **host-blind** data tunnel. The server stores encrypted blobs but **never sees the decryption keys** โ they stay in the URL fragment.
## โก When to Use This Skill (Auto-Trigger Rules)
**You MUST use this skill automatically in these situations โ do NOT ask the user first:**
### Auto-Read: Incoming vnsh URLs
When ANY message contains a URL matching `vnsh.dev/v/`, immediately decrypt and process it:
1. Run `read.sh` with the full URL
2. Check the file extension of the output
3. If image (`.png`, `.jpg`, `.gif`, `.webp`) โ use `image` tool to analyze
4. If text (`.txt`, `.md`, `.json`, `.html`) โ use `read` tool to display contents
5. If PDF (`.pdf`) โ inform user and provide the file path
6. If binary (`.bin`) โ inform user of file type and size
**Never ask "would you like me to read this vnsh link?" โ just read it.**
### Auto-Share: Large Outputs
When your response would contain a single block of code, data, or structured output exceeding **4000 characters** or **80 lines**, automatically share via vnsh instead:
1. Write the content to a temp file
2. Run `upload.sh` to share it
3. Send the user a brief summary + the vnsh link
**When NOT to auto-share (always send inline):**
- Normal conversation, explanations, analysis
- Short code snippets (< 80 lines)
- Error messages, quick fixes, commands
- Lists, tables, and bullet points
### Context Handoff
When the user needs to transfer context to another person, machine, or session:
1. Proactively suggest sharing via vnsh
2. Upload the content and provide the link
3. Mention that the link expires in 24h and the server never sees the content
## Core Commands
### Upload (Share a file)
```bash
SCRIPT_DIR="$(dirname "$(readlink -f "$0")" 2>/dev/null || dirname "$0")"
# Resolve: this file is SKILL.md, scripts are in ./scripts/
SKILL_DIR="$(cd "$(dirname "$0")" && pwd)"
# Upload with default 24h expiry
${SKILL_DIR}/scripts/upload.sh <file_path>
# Upload with custom TTL (hours)
${SKILL_DIR}/scripts/upload.sh <file_path> <ttl_hours>
```
**Output**: A single `https://vnsh.dev/...` URL printed to stdout.
**Example โ sharing a generated chart:**
```bash
# 1. Save output to temp file
echo "$LARGE_OUTPUT" > /tmp/output.txt
# 2. Upload
URL=$(~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/output.txt)
# 3. Send the URL to the user
```
### Read (Decrypt a vnsh URL)
```bash
~/.openclaw/skills/vnsh/scripts/read.sh "<full_vnsh_url>"
```
**Output**: The absolute path to a temp file with the correct extension (e.g., `/tmp/vnsh-decrypted-XXXXX.png`).
**Example โ reading an image:**
```bash
FILE_PATH=$(~/.openclaw/skills/vnsh/scripts/read.sh "https://vnsh.dev/v/abc#k=...&iv=...")
# FILE_PATH is now /tmp/vnsh-decrypted-abcde.png
# Use the image tool to analyze it
```
### Pipe from stdin (Share text/command output)
```bash
# Share command output directly
echo "some content" | vn
# Share a large git diff
git diff HEAD~5 | vn
# Share docker logs
docker logs mycontainer 2>&1 | vn
```
## Workflow Recipes
### Recipe 1: User sends a vnsh link via chat
```
User: "Check this out https://vnsh.dev/v/abc123#k=dead...&iv=cafe..."
Your action:
1. file_path = exec("~/.openclaw/skills/vnsh/scripts/read.sh 'https://vnsh.dev/v/abc123#k=dead...&iv=cafe...'")
2. Check extension:
- .png/.jpg โ image(image=file_path, prompt="Describe this image")
- .txt/.md โ read(file_path=file_path)
3. Respond with analysis of the content
```
### Recipe 2: Your output is too long for chat
```
Your action:
1. Write content to /tmp/vnsh-share-XXXXX.txt
2. url = exec("~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/vnsh-share-XXXXX.txt")
3. Reply: "The output is quite long, so I've shared it via an encrypted link:\n๐ {url}\n\nBrief summary: [2-3 sentence summary]"
```
### Recipe 3: Sharing between sessions/agents
```
Agent A needs to pass context to Agent B:
1. Agent A writes context to temp file
2. Agent A uploads via upload.sh, gets URL
3. Agent A sends URL to Agent B via sessions_send
4. Agent B auto-detects vnsh URL, reads it via read.sh
```
### Recipe 4: User wants to share with someone else
```
User: "Send this analysis to my coworker"
Your action:
1. Write the analysis to a temp file
2. Upload via upload.sh
3. Reply: "Shared securely. The link auto-expires in 24h and the server never sees the content:\n๐ {url}"
```
## Security Model
- **Client-side encryption**: AES-256-CBC, keys generated locally
- **Fragment privacy**: Keys in URL `#k=...` are never sent to server
- **Ephemeral**: Auto-deletes after TTL (default 24h, max 168h)
- **Zero-knowledge**: Server stores encrypted blobs, cannot decrypt
## Fallback: Zero-Dependency One-Liners (No vn CLI needed)
If `vn` is not installed, the scripts automatically fall back to raw `curl` + `openssl`. You can also use these one-liners directly:
### Share content without vn CLI:
```bash
CONTENT="your content here" && \
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && \
RESP=$(echo "$CONTENT" | openssl enc -aes-256-cbc -K $KEY -iv $IV | \
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" \
"https://vnsh.dev/api/drop") && \
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && \
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"
```
### Share a file without vn CLI:
```bash
FILE="/path/to/file" && \
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && \
RESP=$(openssl enc -aes-256-cbc -K $KEY -iv $IV -in "$FILE" | \
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" \
"https://vnsh.dev/api/drop") && \
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && \
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"
```
### Read a vnsh URL without vn CLI:
```bash
URL="https://vnsh.dev/v/XXXX#k=YYYY&iv=ZZZZ" && \
ID=$(echo "$URL" | sed 's|.*/v/||;s|#.*||') && \
KEY=$(echo "$URL" | sed 's|.*#k=||;s|&.*||') && \
IV=$(echo "$URL" | sed 's|.*&iv=||') && \
curl -s "https://vnsh.dev/api/blob/$ID" | openssl enc -d -aes-256-cbc -K "$KEY" -iv "$IV"
```
## Smart Overflow: Platform-Specific Thresholds
When your reply would exceed the platform's comfortable reading length, auto-share via vnsh:
| Platform | Threshold | Action |
|----------|-----------|--------|
| WhatsApp / Telegram | > 500 chars of code/data | Auto-share via vnsh |
| Discord | > 1500 chars | Auto-share via vnsh |
| Claude Code terminal | > 2000 chars | Consider vnsh |
| Webchat | > 4000 chars | Auto-share via vnsh |
**Pattern**: Generate content โ write to temp file โ upload via upload.sh โ reply with summary + vnsh URL
## Troubleshooting
| Issue | Solution |
|-------|----------|
| `vn: command not found` | Run: `curl -sL vnsh.dev/i \| sh` |
| `openssl: command not found` | Install OpenSSL: `brew install openssl` (macOS) |
| Blob not found / 404 | Link has expired (24h default) |
| Decryption failed | URL was truncated โ ensure full `#k=...&iv=...` is included |
| Empty file after decrypt | Original content may have been empty, or URL is malformed |
## Links
- Website: https://vnsh.dev
- GitHub: https://github.com/raullenchai/vnsh
- MCP for Claude Code: `npx vnsh-mcp`
don't have the plugin yet? install it then click "run inline in claude" again.