This skill provides a standardized way for any AI model to manage files and folders on a Filebrowser server by making direct HTTP calls. Filebrowser uses a "hidden" API with JWT authentication.
- Official Repository: filebrowser/filebrowser
- Host: The Filebrowser URL (e.g., https://filebrowser.example.com ) - Username: Default is "" (empty string) - Password: Default is ""
(empty string)
All operations (except login) require the X-Auth: [JWT_TOKEN]
header. Tokens expire in 2 hours.
curl -X POST "https://[HOST]/api/login" \
-H "Content-Type: application/json" \
-d '{"username":"[USERNAME]","password":"[PASSWORD]","recaptcha":""}'
Output: Returns the raw JWT token string directly in the response body.
Endpoint: GET /api/resources/[PATH]
Example: curl -X GET "https://[HOST]/api/resources/disk1" -H "X-Auth: [JWT_TOKEN]"
Presentation: Parse the JSON items array and display as a clean table (Name, Size, Type, Modified).
Endpoint: PATCH /api/resources/[SOURCE_ENCODED]?action=rename&destination=[DEST_ENCODED]&override=false&rename=false
- Source ([SOURCE_ENCODED]): Path relative to root. Special characters MUST be percent-encoded, but slashes (
/ ) MUST NOT be encoded. - Destination ([DEST_ENCODED]): MUST be fully percent-encoded (including slashes). Example: Move disk2/downloads/test 1/ to disk2/test 1/
curl -X PATCH "https://[HOST]/api/resources/disk2/downloads/test%201/?action=rename&destination=%2Fdisk2%2Ftest%25201&override=false&rename=false" -H "X-Auth: [JWT_TOKEN]"
Endpoint: POST /api/resources/[PATH]/[NAME]/?override=false
Rule: The path MUST end with a trailing slash (/ ).
Example: curl -X POST "https://[HOST]/api/resources/disk2/newfolder/?override=false" -H "X-Auth: [JWT_TOKEN]"
Endpoint: POST /api/resources/[PATH]/[NAME]?override=false
Rule: The path MUST NOT end with a trailing slash.
Example: curl -X POST "https://[HOST]/api/resources/disk2/newfile.txt?override=false" -H "X-Auth: [JWT_TOKEN]"
Endpoint: DELETE /api/resources/[PATH]
Example: curl -X DELETE "https://[HOST]/api/resources/disk2/oldfile.txt" -H "X-Auth: [JWT_TOKEN]"
Endpoint: GET /api/resources/[PATH]
Output: Returns JSON. The file content is in the content field.
Example: curl -X GET "https://[HOST]/api/resources/disk2/notes.txt" -H "X-Auth: [JWT_TOKEN]"
Endpoint: PUT /api/resources/[PATH]
Example:
curl -X PUT "https://[HOST]/api/resources/disk2/notes.txt" \
-H "X-Auth: [JWT_TOKEN]" \
-H "Content-Type: text/plain" \
--data "New file content goes here"
Mandatory for destination parameters and paths with special characters.
- JSON Handling: Always parse API responses. If an error occurs, report the HTTP status code and any error message in the JSON body.
- Path Safety: Before ? in URLs, do not encode slashes. Inside query parameters likedestination , always encode slashes as%2F . - Implicit Auth: If a token is available from a previous turn, reuse it. If a request fails with 401 or 403, attempt to re-login.
- Interactive Formatting: Present directory listings as Markdown tables for readability.