OpenClaw · Skill
Vnsh
vnsh is a host-blind data tunnel. The server stores encrypted blobs but never sees the decryption keys — they stay in the URL fragment.
Install
Start with the primary install command. Alternate entrypoints are included below for ClawHub and OpenClaw CLI users.
Primary command
clawhub install raullenchai/vnshClawHub installer
npx clawhub@latest install raullenchai/vnshOpenClaw CLI
openclaw skills install raullenchai/vnshDirect OpenClaw install
openclaw install raullenchai/vnshWhat this skill does
vnsh is a host-blind data tunnel. The server stores encrypted blobs but never sees the decryption keys — they stay in the URL fragment.
Why it matters
Unlike Pastebin or cloud storage, the server never receives the decryption key, so the provider cannot read the content even if compelled.
Typical use cases
- Sharing a large git diff with a teammate without exposing it to cloud storage
- Passing context between AI agent sessions via an encrypted link
- Sending a config file or log that auto-deletes after 24 hours
- Transferring a generated report without creating a file host account
- Piping docker logs or long command output out of a chat message
Source instructions
vnsh Skill — Encrypted Ephemeral File Sharing
vnsh is a host-blind data tunnel. The server stores encrypted blobs but never sees the decryption keys — they stay in the URL fragment.
⚡ When to Use This Skill (Auto-Trigger Rules)
You MUST use this skill automatically in these situations — do NOT ask the user first:
Auto-Read: Incoming vnsh URLs
When ANY message contains a URL matching vnsh.dev/v/, immediately decrypt and process it:
- Run
read.shwith the full URL - Check the file extension of the output
- If image (
.png,.jpg,.gif,.webp) → useimagetool to analyze - If text (
.txt,.md,.json,.html) → usereadtool to display contents - If PDF (
.pdf) → inform user and provide the file path - If binary (
.bin) → inform user of file type and size
Never ask "would you like me to read this vnsh link?" — just read it.
Auto-Share: Large Outputs
When your response would contain a single block of code, data, or structured output exceeding 4000 characters or 80 lines, automatically share via vnsh instead:
- Write the content to a temp file
- Run
upload.shto share it - Send the user a brief summary + the vnsh link
When NOT to auto-share (always send inline):
- Normal conversation, explanations, analysis
- Short code snippets (< 80 lines)
- Error messages, quick fixes, commands
- Lists, tables, and bullet points
Context Handoff
When the user needs to transfer context to another person, machine, or session:
- Proactively suggest sharing via vnsh
- Upload the content and provide the link
- Mention that the link expires in 24h and the server never sees the content
Core Commands
Upload (Share a file)
SCRIPT_DIR="$(dirname "$(readlink -f "$0")" 2>/dev/null || dirname "$0")"
# Resolve: this file is SKILL.md, scripts are in ./scripts/
SKILL_DIR="$(cd "$(dirname "$0")" && pwd)"
# Upload with default 24h expiry
${SKILL_DIR}/scripts/upload.sh <file_path>
# Upload with custom TTL (hours)
${SKILL_DIR}/scripts/upload.sh <file_path> <ttl_hours>
Output: A single https://vnsh.dev/... URL printed to stdout.
Example — sharing a generated chart:
# 1. Save output to temp file
echo "$LARGE_OUTPUT" > /tmp/output.txt
# 2. Upload
URL=$(~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/output.txt)
# 3. Send the URL to the user
Read (Decrypt a vnsh URL)
~/.openclaw/skills/vnsh/scripts/read.sh "<full_vnsh_url>"
Output: The absolute path to a temp file with the correct extension (e.g., /tmp/vnsh-decrypted-XXXXX.png).
Example — reading an image:
FILE_PATH=$(~/.openclaw/skills/vnsh/scripts/read.sh "https://vnsh.dev/v/abc#k=...&iv=...")
# FILE_PATH is now /tmp/vnsh-decrypted-abcde.png
# Use the image tool to analyze it
Pipe from stdin (Share text/command output)
# Share command output directly
echo "some content" | vn
# Share a large git diff
git diff HEAD~5 | vn
# Share docker logs
docker logs mycontainer 2>&1 | vn
Workflow Recipes
Recipe 1: User sends a vnsh link via chat
User: "Check this out https://vnsh.dev/v/abc123#k=dead...&iv=cafe..."
Your action:
1. file_path = exec("~/.openclaw/skills/vnsh/scripts/read.sh 'https://vnsh.dev/v/abc123#k=dead...&iv=cafe...'")
2. Check extension:
- .png/.jpg → image(image=file_path, prompt="Describe this image")
- .txt/.md → read(file_path=file_path)
3. Respond with analysis of the content
Recipe 2: Your output is too long for chat
Your action:
1. Write content to /tmp/vnsh-share-XXXXX.txt
2. url = exec("~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/vnsh-share-XXXXX.txt")
3. Reply: "The output is quite long, so I've shared it via an encrypted link:\n📎 {url}\n\nBrief summary: [2-3 sentence summary]"
Recipe 3: Sharing between sessions/agents
Agent A needs to pass context to Agent B:
1. Agent A writes context to temp file
2. Agent A uploads via upload.sh, gets URL
3. Agent A sends URL to Agent B via sessions_send
4. Agent B auto-detects vnsh URL, reads it via read.sh
Recipe 4: User wants to share with someone else
User: "Send this analysis to my coworker"
Your action:
1. Write the analysis to a temp file
2. Upload via upload.sh
3. Reply: "Shared securely. The link auto-expires in 24h and the server never sees the content:\n📎 {url}"
Security Model
- Client-side encryption: AES-256-CBC, keys generated locally
- Fragment privacy: Keys in URL
#k=...are never sent to server - Ephemeral: Auto-deletes after TTL (default 24h, max 168h)
- Zero-knowledge: Server stores encrypted blobs, cannot decrypt
Fallback: Zero-Dependency One-Liners (No vn CLI needed)
If vn is not installed, the scripts automatically fall back to raw curl + openssl. You can also use these one-liners directly:
Share content without vn CLI:
CONTENT="your content here" && \
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && \
RESP=$(echo "$CONTENT" | openssl enc -aes-256-cbc -K $KEY -iv $IV | \
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" \
"https://vnsh.dev/api/drop") && \
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && \
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"
Share a file without vn CLI:
FILE="/path/to/file" && \
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && \
RESP=$(openssl enc -aes-256-cbc -K $KEY -iv $IV -in "$FILE" | \
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" \
"https://vnsh.dev/api/drop") && \
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && \
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"
Read a vnsh URL without vn CLI:
URL="https://vnsh.dev/v/XXXX#k=YYYY&iv=ZZZZ" && \
ID=$(echo "$URL" | sed 's|.*/v/||;s|#.*||') && \
KEY=$(echo "$URL" | sed 's|.*#k=||;s|&.*||') && \
IV=$(echo "$URL" | sed 's|.*&iv=||') && \
curl -s "https://vnsh.dev/api/blob/$ID" | openssl enc -d -aes-256-cbc -K "$KEY" -iv "$IV"
Smart Overflow: Platform-Specific Thresholds
When your reply would exceed the platform's comfortable reading length, auto-share via vnsh:
| Platform | Threshold | Action |
|---|---|---|
| WhatsApp / Telegram | > 500 chars of code/data | Auto-share via vnsh |
| Discord | > 1500 chars | Auto-share via vnsh |
| Claude Code terminal | > 2000 chars | Consider vnsh |
| Webchat | > 4000 chars | Auto-share via vnsh |
Pattern: Generate content → write to temp file → upload via upload.sh → reply with summary + vnsh URL
Troubleshooting
| Issue | Solution |
|---|---|
vn: command not found | Run: curl -sL vnsh.dev/i | sh |
openssl: command not found | Install OpenSSL: brew install openssl (macOS) |
| Blob not found / 404 | Link has expired (24h default) |
| Decryption failed | URL was truncated — ensure full #k=...&iv=... is included |
| Empty file after decrypt | Original content may have been empty, or URL is malformed |
Links
- Website: https://vnsh.dev
- GitHub: https://github.com/raullenchai/vnsh
- MCP for Claude Code:
npx vnsh-mcp