This skill should be used when the user asks to "send a secret file", "share a file securely", "share credentials file", "send API keys file", "share .env securely", "encrypt and share file", "send config to teammate", "share SSH key", "send private key file", "share certificate file", "share secrets.json", "share keyfile", "securely share file", "send secret to coworker", "share tokens file", "npx send-secret", "encrypted file sharing", "one-time link for file", "self-destructing file share", or needs to share any sensitive file via P2P encrypted link. The file is encrypted locally with AES-256-GCM and served via a one-time Cloudflare tunnel.
Generates secure P2P encrypted file sharing links with one-time access and optional expiration.
/plugin marketplace add danwag06/send-secret/plugin install send-secret@b-open-ioThis skill is limited to using the following tools:
Share files securely using P2P encrypted links. Files are encrypted locally with AES-256-GCM and served via a temporary Cloudflare tunnel. The decryption key is embedded in the URL fragment (never sent to servers).
Critical constraint: The agent must NEVER read or display file contents.
| Action | Safe | Reason |
|---|---|---|
send-secret ./file.json | Yes | File path only, content encrypted by CLI |
cat file | send-secret | NO | Piping exposes content to agent's context |
Read tool on file | NO | Would load secret into agent's context |
echo "$VAR" | send-secret | NO | Variable value exposed to agent |
# Basic file send (single recipient, no timeout)
npx send-secret <filepath>
# Multiple recipients
npx send-secret -n <count> <filepath>
# Auto-destruct timeout (seconds)
npx send-secret -t <seconds> <filepath>
# Combined: 3 views OR 5 minutes, whichever first
npx send-secret -n 3 -t 300 <filepath>
test -f or ls, never cat or Read)The CLI outputs a boxed URL like:
╭ Share this link ─────────────────────────╮
│ https://xyz.trycloudflare.com/s/abc#key=... │
╰──────────────────────────────────────────╯
Extract the full URL including the #key=... fragment. The fragment contains the decryption key and is essential.
The send-secret process runs interactively:
Waiting for receiver... (0/3)Retrieved (1/3) from 73.162.45.99Important: The process must stay running until delivery completes. Run in foreground, not background.
npx send-secret ./credentials.json
npx send-secret -n 5 ./team-secrets.env
npx send-secret -t 300 ./temp-access.json # 5 minute window
npx send-secret -n 2 -t 120 ./api-keys.txt # 2 views max, 2 min timeout
| Error | Resolution |
|---|---|
| "File too large (max 100MB)" | File exceeds size limit |
| "No data to send" | Empty file or path doesn't exist |
| "Tunnel failed" | Network issue, retry or check connection |
| Process killed before retrieval | Recipient needs new link |
# NEVER pipe file contents
cat secret.json | npx send-secret # WRONG: agent sees content
# NEVER read file first
Read secret.json, then send # WRONG: agent sees content
# NEVER echo secrets
echo "sk_live_xxx" | npx send-secret # WRONG: agent sees secret
# NEVER commit secret files or send-secret URLs to git
git add . # WRONG: may include secret files
User: "I need to share my .env file with the new developer"
Agent:
test -f ./.env && echo "File exists"User: "Just one person, no timeout needed"
Agent:
npx send-secret ./.env
Response: "Here's your secure link: [URL]. Share this with the developer. Keep this terminal open until they retrieve it - the link is single-use and self-destructs after viewing."
You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.