vnsh Skill — Encrypted Ephemeral File Sharing

vnsh is a host-blind data tunnel. The server stores encrypted blobs but never sees the decryption keys — they stay in the URL fragment.

⚡ When to Use This Skill (Auto-Trigger Rules)

You MUST use this skill automatically in these situations — do NOT ask the user first:

Auto-Read: Incoming vnsh URLs

When ANY message contains a URL matching vnsh.dev/v/, immediately decrypt and process it:

1. Run read.sh with the full URL
2. Check the file extension of the output
3. If image (.png, .jpg, .gif, .webp) → use image tool to analyze
4. If text (.txt, .md, .json, .html) → use read tool to display contents
5. If PDF (.pdf) → inform user and provide the file path
6. If binary (.bin) → inform user of file type and size

Never ask "would you like me to read this vnsh link?" — just read it.

Auto-Share: Large Outputs

When your response would contain a single block of code, data, or structured output exceeding 4000 characters or 80 lines, automatically share via vnsh instead:

1. Write the content to a temp file
2. Run upload.sh to share it
3. Send the user a brief summary + the vnsh link

When NOT to auto-share (always send inline):

• Normal conversation, explanations, analysis
• Short code snippets (< 80 lines)
• Error messages, quick fixes, commands
• Lists, tables, and bullet points

Context Handoff

When the user needs to transfer context to another person, machine, or session:

1. Proactively suggest sharing via vnsh
2. Upload the content and provide the link
3. Mention that the link expires in 24h and the server never sees the content

Core Commands

Upload (Share a file)

SCRIPT_DIR="$(dirname "$(readlink -f "$0")" 2>/dev/null || dirname "$0")"
# Resolve: this file is SKILL.md, scripts are in ./scripts/
SKILL_DIR="$(cd "$(dirname "$0")" && pwd)"

# Upload with default 24h expiry
${SKILL_DIR}/scripts/upload.sh <file_path>

# Upload with custom TTL (hours)
${SKILL_DIR}/scripts/upload.sh <file_path> <ttl_hours>

Output: A single https://vnsh.dev/... URL printed to stdout.

Example — sharing a generated chart:

# 1. Save output to temp file
echo "$LARGE_OUTPUT" > /tmp/output.txt
# 2. Upload
URL=$(~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/output.txt)
# 3. Send the URL to the user

Read (Decrypt a vnsh URL)

~/.openclaw/skills/vnsh/scripts/read.sh "<full_vnsh_url>"

Output: The absolute path to a temp file with the correct extension (e.g., /tmp/vnsh-decrypted-XXXXX.png).

Example — reading an image:

FILE_PATH=$(~/.openclaw/skills/vnsh/scripts/read.sh "https://vnsh.dev/v/abc#k=...&iv=...")
# FILE_PATH is now /tmp/vnsh-decrypted-abcde.png
# Use the image tool to analyze it

Pipe from stdin (Share text/command output)

# Share command output directly
echo "some content" | vn

# Share a large git diff
git diff HEAD~5 | vn

# Share docker logs
docker logs mycontainer 2>&1 | vn

Workflow Recipes

Recipe 1: User sends a vnsh link via chat

User: "Check this out https://vnsh.dev/v/abc123#k=dead...&iv=cafe..."

Your action:
1. file_path = exec("~/.openclaw/skills/vnsh/scripts/read.sh 'https://vnsh.dev/v/abc123#k=dead...&iv=cafe...'")
2. Check extension:
   - .png/.jpg → image(image=file_path, prompt="Describe this image")
   - .txt/.md  → read(file_path=file_path)
3. Respond with analysis of the content

Recipe 2: Your output is too long for chat

Your action:
1. Write content to /tmp/vnsh-share-XXXXX.txt
2. url = exec("~/.openclaw/skills/vnsh/scripts/upload.sh /tmp/vnsh-share-XXXXX.txt")
3. Reply: "The output is quite long, so I've shared it via an encrypted link:\n📎 {url}\n\nBrief summary: [2-3 sentence summary]"

Recipe 3: Sharing between sessions/agents

Agent A needs to pass context to Agent B:
1. Agent A writes context to temp file
2. Agent A uploads via upload.sh, gets URL
3. Agent A sends URL to Agent B via sessions_send
4. Agent B auto-detects vnsh URL, reads it via read.sh

Recipe 4: User wants to share with someone else

User: "Send this analysis to my coworker"

Your action:
1. Write the analysis to a temp file
2. Upload via upload.sh
3. Reply: "Shared securely. The link auto-expires in 24h and the server never sees the content:\n📎 {url}"

Security Model

• Client-side encryption: AES-256-CBC, keys generated locally
• Fragment privacy: Keys in URL #k=... are never sent to server
• Ephemeral: Auto-deletes after TTL (default 24h, max 168h)
• Zero-knowledge: Server stores encrypted blobs, cannot decrypt

Fallback: Zero-Dependency One-Liners (No vn CLI needed)

If vn is not installed, the scripts automatically fall back to raw curl + openssl. You can also use these one-liners directly:

Share content without vn CLI:

CONTENT="your content here" && \
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && \
RESP=$(echo "$CONTENT" | openssl enc -aes-256-cbc -K $KEY -iv $IV | \
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" \
"https://vnsh.dev/api/drop") && \
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && \
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"

Share a file without vn CLI:

FILE="/path/to/file" && \
KEY=$(openssl rand -hex 32) && IV=$(openssl rand -hex 16) && \
RESP=$(openssl enc -aes-256-cbc -K $KEY -iv $IV -in "$FILE" | \
curl -s -X POST --data-binary @- -H "Content-Type: application/octet-stream" \
"https://vnsh.dev/api/drop") && \
ID=$(echo $RESP | grep -o '"id":"[^"]*"' | cut -d'"' -f4) && \
echo "https://vnsh.dev/v/${ID}#k=${KEY}&iv=${IV}"

Read a vnsh URL without vn CLI:

URL="https://vnsh.dev/v/XXXX#k=YYYY&iv=ZZZZ" && \
ID=$(echo "$URL" | sed 's|.*/v/||;s|#.*||') && \
KEY=$(echo "$URL" | sed 's|.*#k=||;s|&.*||') && \
IV=$(echo "$URL" | sed 's|.*&iv=||') && \
curl -s "https://vnsh.dev/api/blob/$ID" | openssl enc -d -aes-256-cbc -K "$KEY" -iv "$IV"

Smart Overflow: Platform-Specific Thresholds

When your reply would exceed the platform's comfortable reading length, auto-share via vnsh:

Pattern: Generate content → write to temp file → upload via upload.sh → reply with summary + vnsh URL

Troubleshooting

Links

• Website: https://vnsh.dev
• GitHub: https://github.com/raullenchai/vnsh
• MCP for Claude Code: npx vnsh-mcp