Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From send-secret
This skill should be used when the user asks to "send a secret file", "share a file securely", "share credentials file", "send API keys file", "share .env securely", "encrypt and share file", "send config to teammate", "share SSH key", "send private key file", "share certificate file", "share secrets.json", "share keyfile", "securely share file", "send secret to coworker", "share tokens file", "npx send-secret", "encrypted file sharing", "one-time link for file", "self-destructing file share", or needs to share any sensitive file via P2P encrypted link. The file is encrypted locally with AES-256-GCM and served via a one-time Cloudflare tunnel.
npx claudepluginhub b-open-io/claude-plugins --plugin send-secretHow this skill is triggered — by the user, by Claude, or both
Slash command
/send-secret:send-secret-fileThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Share files securely using P2P encrypted links. Files are encrypted locally with AES-256-GCM and served via a temporary Cloudflare tunnel. The decryption key is embedded in the URL fragment (never sent to servers).
Implements fault-tolerant P2P file transfers via 3 parallel subagents using LocalSend HTTP API with GF(3) trit coordination over Tailscale, LAN, and DNS. Chunks files >8MB; succeeds on any channel completion.
Manages Azure File Share SMB operations: create/list/delete shares, directories/files using @azure/storage-file-share TypeScript/JavaScript SDK with various auth options.
Scans codebases for exposed credentials including API keys, passwords, and private keys. Activates on queries about secret scanning or credential leaks.
Share bugs, ideas, or general feedback.
Share files securely using P2P encrypted links. Files are encrypted locally with AES-256-GCM and served via a temporary Cloudflare tunnel. The decryption key is embedded in the URL fragment (never sent to servers).
Critical constraint: The agent must NEVER read or display file contents.
| Action | Safe | Reason |
|---|---|---|
send-secret ./file.json | Yes | File path only, content encrypted by CLI |
cat file | send-secret | NO | Piping exposes content to agent's context |
Read tool on file | NO | Would load secret into agent's context |
echo "$VAR" | send-secret | NO | Variable value exposed to agent |
# Basic file send (single recipient, no timeout)
npx send-secret <filepath>
# Multiple recipients
npx send-secret -n <count> <filepath>
# Auto-destruct timeout (seconds)
npx send-secret -t <seconds> <filepath>
# Combined: 3 views OR 5 minutes, whichever first
npx send-secret -n 3 -t 300 <filepath>
test -f or ls, never cat or Read)The CLI outputs a boxed URL like:
╭ Share this link ─────────────────────────╮
│ https://xyz.trycloudflare.com/s/abc#key=... │
╰──────────────────────────────────────────╯
Extract the full URL including the #key=... fragment. The fragment contains the decryption key and is essential.
The send-secret process runs interactively:
Waiting for receiver... (0/3)Retrieved (1/3) from 73.162.45.99Important: The process must stay running until delivery completes. Run in foreground, not background.
npx send-secret ./credentials.json
npx send-secret -n 5 ./team-secrets.env
npx send-secret -t 300 ./temp-access.json # 5 minute window
npx send-secret -n 2 -t 120 ./api-keys.txt # 2 views max, 2 min timeout
| Error | Resolution |
|---|---|
| "File too large (max 100MB)" | File exceeds size limit |
| "No data to send" | Empty file or path doesn't exist |
| "Tunnel failed" | Network issue, retry or check connection |
| Process killed before retrieval | Recipient needs new link |
# NEVER pipe file contents
cat secret.json | npx send-secret # WRONG: agent sees content
# NEVER read file first
Read secret.json, then send # WRONG: agent sees content
# NEVER echo secrets
echo "sk_live_xxx" | npx send-secret # WRONG: agent sees secret
# NEVER commit secret files or send-secret URLs to git
git add . # WRONG: may include secret files
User: "I need to share my .env file with the new developer"
Agent:
test -f ./.env && echo "File exists"User: "Just one person, no timeout needed"
Agent:
npx send-secret ./.env
Response: "Here's your secure link: [URL]. Share this with the developer. Keep this terminal open until they retrieve it - the link is single-use and self-destructs after viewing."