xdrop
$
npx mdskill add xixu-me/skills/xdropAutomate encrypted file transfers via Xdrop server commands.
- Handles uploading and downloading files with secure decryption.
- Integrates Bun scripts and requires local filesystem access.
- Executes based on explicit requests or CLI flag usage.
- Outputs share links, JSON data, or decrypted file contents.
SKILL.md
.github/skills/xdropView on GitHub ↗
--- name: xdrop description: Use this skill when the user wants to send or fetch files through an Xdrop server from the terminal, asks to automate encrypted Xdrop share-link workflows, provides an Xdrop `/t/:transferId#k=...` link to download and decrypt locally, or needs Xdrop CLI flags such as `--quiet`, `--json`, `--expires-in`, `--output`, or `--api-url`, even if they do not explicitly mention the skill name. --- Use the bundled scripts inside this skill directory. ## Available scripts - `scripts/upload.mjs` — Upload local files or directories to an Xdrop server and print the share link - `scripts/download.mjs` — Download an Xdrop share link, decrypt it locally, and save the files Environment requirements: - Bun - Local filesystem access - Network access to the target Xdrop server ## Upload ```bash bun scripts/upload.mjs --server <xdrop-site-url> <file-or-directory> [...] ``` Prefer these flags when relevant: - `--quiet`: suppress progress output and keep stdout clean - `--json`: return `transferId`, `shareUrl`, and `expiresAt` - `--expires-in <seconds>`: choose a supported expiry - `--api-url <url>`: override the default `<server>/api/v1` - `--name <value>`: set the transfer display name - `--concurrency <n>`: limit parallel uploads per file Useful examples: ```bash bun scripts/upload.mjs --server http://localhost:8080 ./dist/report.pdf bun scripts/upload.mjs --server http://localhost:8080 --quiet ./archive.zip bun scripts/upload.mjs --server http://localhost:8080 --expires-in 600 --json ./notes.txt ``` If the user wants verification, upload a small temporary file and then confirm the public transfer API or browser can open the returned link. ## Download Require the full share link, including `#k=...`. Without the fragment key, the transfer cannot be decrypted. ```bash bun scripts/download.mjs "<share-url>" ``` Prefer these flags when relevant: - `--output <dir>`: choose the destination directory - `--quiet`: suppress progress output and keep stdout clean - `--json`: return `transferId`, `outputRoot`, and saved file paths - `--api-url <url>`: override the default `<share-origin>/api/v1` Useful examples: ```bash bun scripts/download.mjs "http://localhost:8080/t/abc123#k=..." bun scripts/download.mjs --output ./downloads "http://localhost:8080/t/abc123#k=..." bun scripts/download.mjs --quiet --json --output ./downloads "http://localhost:8080/t/abc123#k=..." ``` By default the downloader writes to `./xdrop-<transferId>` and preserves the manifest's relative paths. ## Gotchas - A download link without the `#k=...` fragment is not decryptable. Ask for the full original share URL. - Use `--quiet` whenever another command or caller needs to capture stdout. Progress logs otherwise go to stderr, but the final result still matters. ## Guardrails - Prefer `--quiet` when another command or script needs to capture stdout. - Keep the full share link fragment intact for downloads. - Do not bypass the scripts' built-in path sanitization or transfer cleanup behavior with manual ad hoc commands unless the user explicitly asks.
More from xixu-me/skills
- develop-userscriptsUse when building, debugging, packaging, or publishing browser userscripts for Tampermonkey or ScriptCat, including GM APIs, metadata blocks, permission issues, @match/@grant/@connect setup, ScriptCat background or scheduled scripts, UserConfig blocks, or subscription workflows.
- github-actions-docsUse when users ask how to write, explain, customize, migrate, secure, or troubleshoot GitHub Actions workflows, workflow syntax, triggers, matrices, runners, reusable workflows, artifacts, caching, secrets, OIDC, deployments, custom actions, or Actions Runner Controller, especially when they need official GitHub documentation, exact links, or docs-grounded YAML guidance.
- openclaw-secure-linux-cloudUse when self-hosting OpenClaw on a cloud server, hardening a remote OpenClaw gateway, choosing between SSH tunneling, Tailscale, or reverse-proxy exposure, or reviewing Podman, pairing, sandboxing, token auth, and tool-permission defaults for a secure personal deployment.
- opensource-guide-coachUse when a user wants guidance on starting, contributing to, growing, governing, funding, securing, or sustaining an open source project, or asks about contributor onboarding, community health, maintainer burnout, code of conduct, metrics, legal basics, or open source project adoption.
- readme-i18nUse when the user wants to translate a repository README, make a repo multilingual, localize docs, add a language switcher, internationalize the README, or update localized README variants in a GitHub-style repository.
- running-claude-code-via-litellm-copilotUse when routing Claude Code through a local LiteLLM proxy to GitHub Copilot, reducing direct Anthropic spend, configuring ANTHROPIC_BASE_URL or ANTHROPIC_MODEL overrides, or troubleshooting Copilot proxy setup failures such as model-not-found, no localhost traffic, or GitHub 401/403 auth errors.
- secure-linux-web-hostingUse when setting up, hardening, or reviewing a cloud server for self-hosting, including DNS, SSH, firewalls, Nginx, static-site hosting, reverse-proxying an app, HTTPS with Let's Encrypt or ACME clients, safe HTTP-to-HTTPS redirects, or optional post-launch network tuning such as BBR.
- skills-cliUse when users ask to discover, install, list, check, update, remove, back up, restore, sync, or initialize Agent Skills, mention `bunx skills`, `npx skills`, `skills.sh`, or `skills-lock.json`, ask "find a skill for X", or want help extending agent capabilities with installable skills.
- tzstUse when the user needs to create, extract, flatten, list, test, install, script, or troubleshoot `tzst` CLI workflows for `.tzst` or `.tar.zst` archives, including compression levels, streaming mode, extraction filters, conflict resolution, JSON output, or standalone binary setup, even if they describe the archive task without naming `tzst`.
- use-my-browserUse when work depends on the user's live browser session or visible rendered state rather than static fetches, especially for browser debugging contexts or DevTools-selected elements or requests, logged-in dashboards or CMS flows, localhost apps, forms, uploads, downloads, media inspection, DOM or iframe inspection, Shadow DOM, or browser failures that look like soft 404s, auth walls, anti-bot checks, or rate limits.