Clawbox Media Server & Upload
Lightweight HTTP servers for bidirectional file sharing between an AI agent and users on the local network.
What It Does
- - Media Server (port 18801) — Serves files from a shared directory. Users can browse and download.
- Upload Server (port 18802) — Accepts file uploads via web UI (drag-and-drop) or API. Saves to the same shared directory.
- Same-origin design — Upload page served from upload server to avoid CORS/Safari issues.
- Directory listing — Media server root shows all files with download links.
- Auto-start services — Systemd units for both servers (optional).
All files are stored in ~/projects/shared-media and instantly accessible to the agent.
Quick Start (One-Command)
From your login session (with systemd user bus):
CODEBLOCK0
That's it! The installer:
- - Creates
~/projects/shared-media if needed - Starts both servers immediately
- Installs systemd service files for auto-start on boot
Access URLs (replace 192.168.68.75 with your host's LAN IP):
- - Upload page: �INLINECODE3
- File browser: �INLINECODE4
Manual Setup
If you prefer to start manually:
1. Start Media Server (serves files):
�CODEBLOCK1
2. Start Upload Server (accepts uploads):
�CODEBLOCK2
Both read from/write to ~/projects/shared-media by default.
Usage Patterns
Agent → User (Serving Files)
Agent copies a file to the shared directory:
�CODEBLOCK3
Then sends the user a link:
�CODEBLOCK4
The user can also browse all files at http://192.168.68.75:18801/.
User → Agent (Uploading Files)
User opens http://192.168.68.75:18802/ in any browser, drags files in. ✅ Done.
Agent sees the files immediately in ~/projects/shared-media/ and can read them.
Combined Workflow
- 1. User uploads via �INLINECODE9
- Agent reads file from disk (
~/projects/shared-media/<filename>) - Agent processes/transforms it
- Agent drops result in same directory
- User downloads from �INLINECODE11
Fully LAN-based, no internet.
Configuration
Ports & Paths
| Variable | Default | Purpose |
|---|
| INLINECODE12 | INLINECODE13 | Media server port |
| INLINECODE14 |
18802 | Upload server port |
|
MEDIA_ROOT /
UPLOAD_ROOT |
$HOME/projects/shared-media | Shared storage directory |
Set as environment variables before starting the servers, or edit the systemd service files.
Systemd Services
Service names:
- -
media-server.service — Node.js media server - INLINECODE20� — Python upload server
Enable auto-start (run once from your login session):
�CODEBLOCK5
Start/stop/restart/check status:
systemctl --user start|stop|restart|status media-server.service
systemctl --user start|stop|restart|status upload-server.service
API (Upload Server)
Endpoint: POST /upload (multipart/form-data, field name file)
Request:
�CODEBLOCK7
Response (JSON):
�CODEBLOCK8
The file is immediately available in the shared directory and via the media server.
Security Notes
⚠️ IMPORTANT: Read Before Deploying
- - No authentication — anyone who can reach the ports can upload/download files. Only use on physically secured, trusted networks. Do NOT expose to the internet without additional authentication/reverse proxy.
- Binding address — By default, servers bind to
0.0.0.0 (all interfaces). To restrict to a specific LAN interface, set BIND_ADDR environment variable to your LAN IP (e.g., 192.168.68.75). Example:
BIND_ADDR=192.168.68.75 MEDIA_PORT=18801 node server.js
- - Firewall recommended — Even on LAN, consider blocking external interfaces (WAN) using a host firewall (
ufw, iptables). Allow only your LAN subnet to ports 18801/18802. - Directory listing — The media server root (
:18801/) shows all filenames. This may leak information. If privacy is needed, disable directory listing by modifying server.js or block access via firewall. - Content Security — The upload page uses inline JavaScript (CSP relaxed). This is acceptable for a local-only service, but be aware.
- Systemd services — If you enable systemd services, they run under your user account. Ensure your user account is secure. Consider using a dedicated low-privilege user for production.
Best Practice: Manual Start for Testing
Before enabling systemd auto-start, run the servers manually to verify behavior:
CODEBLOCK10
Then test upload/download from another device. Once satisfied, run install-all.sh to set up systemd services (with the same BIND_ADDR configured in the service files).
Troubleshooting
"Address already in use" on startup
A previous instance is still running. Stop it first:
�CODEBLOCK11
Or change ports via environment variables.
Upload fails with CORS/Safari errors
The upload page is served from the same port as the upload endpoint (18802), so cross-origin issues shouldn't occur. Ensure you're accessing
http://<host>:18802/ and not the old media-server copy.
Systemd user bus not available
Run
systemctl --user enable ... from your normal login shell (not a cron or SSH non-interactive session without DBUS
SESSIONBUS_ADDRESS set). The
install-all.sh script will start servers manually in any case.
Files & Structure
CODEBLOCK12
All files are self-contained; no external npm/pip dependencies beyond Node.js and Python stdlib.
License
Open source. Feel free to modify and redistribute.
技能名称: clawbox-media-server
详细描述:
Clawbox 媒体服务器与上传
轻量级 HTTP 服务器,用于 AI 代理与本地网络用户之间的双向文件共享。
功能说明
- - 媒体服务器(端口 18801) — 提供共享目录中的文件服务。用户可以浏览和下载。
- 上传服务器(端口 18802) — 通过网页界面(拖放)或 API 接受文件上传。保存到同一共享目录。
- 同源设计 — 上传页面由上传服务器提供,避免 CORS/Safari 问题。
- 目录列表 — 媒体服务器根目录显示所有文件及下载链接。
- 自动启动服务 — 两个服务器的 Systemd 单元(可选)。
所有文件存储在 ~/projects/shared-media 中,代理可立即访问。
快速开始(单命令)
从您的登录会话(使用 systemd 用户总线)执行:
bash
bash ~/.openclaw/workspace/skills/clawbox-media-server/scripts/install-all.sh
就这样!安装程序会:
- - 必要时创建 ~/projects/shared-media
- 立即启动两个服务器
- 安装 systemd 服务文件以实现开机自启
访问地址(将 192.168.68.75 替换为您主机的局域网 IP):
- - 上传页面:http://192.168.68.75:18802/
- 文件浏览器:http://192.168.68.75:18801/
手动设置
如果您更倾向于手动启动:
1. 启动媒体服务器(提供文件服务):
bash
node ~/.openclaw/workspace/skills/clawbox-media-server/scripts/server.js
监听于 0.0.0.0:18801
2. 启动上传服务器(接受上传):
bash
UPLOAD_PORT=18802 python3 ~/.openclaw/workspace/skills/clawbox-media-server/scripts/upload-server.py
在 / 提供 UI,在 POST /upload 提供上传端点
默认情况下,两者均从 ~/projects/shared-media 读取/写入。
使用模式
代理 → 用户(提供文件)
代理将文件复制到共享目录:
bash
cp /path/to/output.pdf ~/projects/shared-media/
然后向用户发送链接:
http://192.168.68.75:18801/output.pdf
用户还可以在 http://192.168.68.75:18801/ 浏览所有文件。
用户 → 代理(上传文件)
用户在任何浏览器中打开 http://192.168.68.75:18802/,拖放文件即可。✅ 完成。
代理立即在 ~/projects/shared-media/ 中看到文件并可以读取。
组合工作流
- 1. 用户通过 http://192.168.68.75:18802/ 上传
- 代理从磁盘读取文件(~/projects/shared-media/<文件名>)
- 代理处理/转换文件
- 代理将结果放入同一目录
- 用户从 http://192.168.68.75:18801/<结果> 下载
完全基于局域网,无需互联网。
配置
端口与路径
| 变量 | 默认值 | 用途 |
|---|
| MEDIAPORT | 18801 | 媒体服务器端口 |
| UPLOADPORT |
18802 | 上传服务器端口 |
| MEDIA
ROOT / UPLOADROOT | $HOME/projects/shared-media | 共享存储目录 |
在启动服务器前设置为环境变量,或编辑 systemd 服务文件。
Systemd 服务
服务名称:
- - media-server.service — Node.js 媒体服务器
- upload-server.service — Python 上传服务器
启用自启(从您的登录会话运行一次):
bash
systemctl --user enable media-server.service upload-server.service
启动/停止/重启/检查状态:
bash
systemctl --user start|stop|restart|status media-server.service
systemctl --user start|stop|restart|status upload-server.service
API(上传服务器)
端点: POST /upload(multipart/form-data,字段名 file)
请求:
bash
curl -X POST -F file=@/path/to/file.jpg http://192.168.68.75:18802/upload
响应(JSON):
json
{
filename: file.jpg,
size: 123456,
download_url: http://192.168.68.75:18801/file.jpg,
view_url: http://192.168.68.75:18801/file.jpg,
saved_to: /home/clawbox/projects/shared-media/file.jpg
}
该文件立即在共享目录中可用,并可通过媒体服务器访问。
安全说明
⚠️ 重要:部署前请阅读
- - 无身份验证 — 任何能访问端口的人都可以上传/下载文件。仅在物理安全、受信任的网络上使用。未经额外身份验证/反向代理,请勿暴露到互联网。
- 绑定地址 — 默认情况下,服务器绑定到 0.0.0.0(所有接口)。要限制到特定局域网接口,请将 BIND_ADDR 环境变量设置为您的局域网 IP(例如 192.168.68.75)。示例:
bash
BIND
ADDR=192.168.68.75 MEDIAPORT=18801 node server.js
- - 建议使用防火墙 — 即使在局域网内,也建议使用主机防火墙(ufw、iptables)阻止外部接口(WAN)。仅允许您的局域网子网访问端口 18801/18802。
- 目录列表 — 媒体服务器根目录(:18801/)显示所有文件名。这可能会泄露信息。如果需要隐私,请修改 server.js 禁用目录列表,或通过防火墙阻止访问。
- 内容安全 — 上传页面使用内联 JavaScript(CSP 宽松)。对于仅限本地服务,这是可接受的,但请注意。
- Systemd 服务 — 如果您启用 systemd 服务,它们将在您的用户账户下运行。请确保您的用户账户安全。建议在生产环境中使用专用的低权限用户。
最佳实践:手动启动进行测试
在启用 systemd 自启之前,手动运行服务器以验证行为:
bash
终端 1
cd ~/.openclaw/workspace/skills/clawbox-media-server/scripts
BIND_ADDR=192.168.68.75 node server.js
终端 2
cd ~/.openclaw/workspace/skills/clawbox-media-server/scripts
BIND_ADDR=192.168.68.75 python3 upload-server.py
然后从另一台设备测试上传/下载。满意后,运行 install-all.sh 设置 systemd 服务(在服务文件中配置相同的 BIND_ADDR)。
故障排除
启动时出现地址已在使用
上一个实例仍在运行。先停止它:
bash
pkill -f server.js
pkill -f upload-server.py
或通过环境变量更改端口。
上传失败,出现 CORS/Safari 错误
上传页面与上传端点(18802)来自同一端口,因此不应出现跨域问题。确保您访问的是 http://<主机>:18802/,而不是旧的媒体服务器副本。
Systemd 用户总线不可用
从您的正常登录 shell(不是 cron 或未设置 DBUS
SESSIONBUS_ADDRESS 的 SSH 非交互会话)运行 systemctl --user enable ...。install-all.sh 脚本无论如何都会手动启动服务器。
文件与结构
skills/clawbox-media-server/
├── SKILL.md (本文件)
├── server.js (媒体服务器)
├── upload-server.py (上传服务器)
├── upload.html (上传界面,由上传服务器提供)
├── media-server.service (systemd 单元)
├── upload-server.service (systemd 单元)
└── install-all.sh (一键安装程序)
所有文件均为独立文件;除 Node.js 和 Python 标准库外,无需外部 npm/pip 依赖。
许可证
开源。欢迎修改和重新分发。
