← Back to Skills Marketplace
315
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install file-upload-test
Description
上传文件到内部 BS3 存储(免签名)。Use when user asks to upload files, images, documents to storage, or get a shareable URL for a file.
README (SKILL.md)
File Upload Skill
上传文件到内部 BS3 存储,生成可分享的文件 URL。
🔐 前置条件
1. 安装依赖
pip3 install boto3 botocore
2. 网络要求
- 内网访问: 需要在内网环境使用
- Endpoint:
http://bs3-hb1.internal - 免签名: 无需配置 AWS credentials
📦 功能说明
支持的操作
| 操作 | 说明 | 输入 | 输出 |
|---|---|---|---|
upload_file |
上传本地文件 | 文件路径 | 文件 URL |
upload_bytes |
上传二进制数据 | 文件名 + 数据 | 文件 URL |
特性
- ✅ 自动去重: 上传文件名自动添加 8 位 UUID 前缀,防止重名覆盖
- ✅ 免签名: 内网免认证,直接上传
- ✅ 固定 Bucket:
kkim-mario-claw - ✅ CDN 加速: 返回
bs3-hb1.corp.tencent.com域名 URL
🚀 使用方法
命令行方式
# 上传文件
python3 ~/.openclaw/workspace/skills/file-upload/upload.py upload_file /path/to/file.png
# 输出示例
https://bs3-hb1.corp.tencent.com/kim-mario-claw/abc12345_file.png
Python API 方式
from upload import upload_file, upload_bytes
# 上传文件
url = upload_file("my-image.png", "/path/to/file.png")
print(url)
# 上传二进制数据
with open("/path/to/file.png", "rb") as f:
data = f.read()
url = upload_bytes("my-image.png", data)
print(url)
📋 使用场景
场景 1: 上传图片
用户说:
- "帮我上传这张图片"
- "把这个文件传到 BS3"
- "生成一个图片的分享链接"
处理流程:
- 获取文件路径
- 调用
upload_file - 返回 URL
场景 2: 上传文档
用户说:
- "上传这个 PDF 文件"
- "把报告传到存储"
处理流程:
- 获取文件路径
- 调用
upload_file - 返回 URL
场景 3: 上传二进制数据
用户说:
- "保存这段数据"
- "上传这个截图"
处理流程:
- 获取二进制数据
- 调用
upload_bytes - 返回 URL
📁 文件结构
~/.openclaw/workspace/skills/file-upload/
├── SKILL.md # 技能文档
├── upload.py # Python 脚本
└── .env # 可选配置(如需要)
⚠️ 注意事项
1. 内网限制
- 只能在内网使用
- Endpoint:
http://bs3-hb1.internal - 外网无法访问
2. Bucket 说明
- Bucket:
kkim-mario-claw - 用途: 临时存储,非永久保存
- 建议: 重要文件请备份到其他存储
3. 文件名处理
- 自动添加 8 位 UUID 前缀
- 示例:
file.png→a1b2c3d4_file.png - 目的:防止同名文件覆盖
4. 返回 URL 格式
https://bs3-hb1.corp.tencent.com/kim-mario-claw/{uuid}_{filename}
5. 有效期
- 链接有效期:7 天
- 超时后文件可能无法访问
- 重要文件请及时下载保存
📞 常见问题
Q: 上传失败怎么办?
检查项:
- ✅ 是否在内网
- ✅ 是否安装了
boto3和botocore - ✅ 文件路径是否正确
- ✅ 网络是否能访问
bs3-hb1.internal
Q: 如何验证上传成功?
访问返回的 URL,能正常下载/查看即成功。
Q: 文件会永久保存吗?
Bucket 名称包含 temp,建议作为临时存储,重要文件请备份。
Last updated: 2026-03-07
Usage Guidance
This skill appears to implement what it claims (unsigned internal S3 uploads), but there are inconsistencies you should resolve before trusting it: 1) Verify the correct bucket name and CDN domain (SKILL.md and upload.py disagree on 'kkim-mario-claw' vs 'kim-mario-claw' and on corp.tencent.com vs corp.kuaishou.com). 2) Confirm the actual internal endpoint (bs3-hb1.internal) and whether returned URLs use the same host/format as the upload target. 3) Note the skill does not require AWS credentials (uses unsigned client), and it accepts BS3_ENDPOINT/BS3_BUCKET/BS3_REGION via env vars—ensure those cannot be set to exfiltrate uploads to an unintended host. 4) Review and, if needed, update the hardcoded URL construction in upload.py to consistently use the configured BS3_ENDPOINT and BS3_BUCKET rather than a different hardcoded domain. 5) Test in an isolated internal environment before using with sensitive files. If you want higher confidence, ask the publisher to correct the documentation mismatches and explicitly declare the optional environment variables in the registry metadata.
Capability Analysis
Type: OpenClaw Skill
Name: file-upload-test
Version: 1.0.1
The skill provides a high-risk capability to upload local files to a remote S3-compatible endpoint without authentication using an unsigned S3 client in `upload.py`. While this behavior is aligned with the stated purpose of the skill, it functions as a potent data exfiltration primitive that could be abused via prompt injection. Additionally, there is a notable discrepancy between the domain mentioned in the documentation (`corp.tencent.com`) and the one used in the code (`corp.kuaishou.com`).
Capability Assessment
Purpose & Capability
Purpose (upload files to internal BS3 storage, unsigned) matches the code: it creates an unsigned S3 client and uploads files. However the SKILL.md and upload.py disagree on several concrete details: SKILL.md mentions bucket 'kkim-mario-claw' in one place and 'kim-mario-claw' in others; SKILL.md uses 'bs3-hb1.corp.tencent.com' for CDN URLs while upload.py constructs URLs with 'bs3-hb1.corp.kuaishou.com'. These mismatches look like sloppy copy/paste or typos and should be clarified.
Instruction Scope
Runtime instructions are focused on uploading files: installing boto3/botocore, using an internal endpoint, and calling upload_file/upload_bytes. The code only reads the file to upload and optional BS3_* env vars; it does not access unrelated system files or external endpoints beyond the internal upload endpoint and a constructed CDN URL.
Install Mechanism
This is instruction-only with a recommendation to pip-install boto3 and botocore. No external archives or arbitrary downloads are used. That is proportionate for Python upload code.
Credentials
The skill declares no required env vars, but upload.py reads optional BS3_ENDPOINT, BS3_BUCKET, and BS3_REGION environment variables (with sensible defaults). This is reasonable, but the registry metadata did not list those env vars explicitly—verify you are comfortable with overriding endpoint/bucket via environment. No AWS credentials are required (unsigned client).
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request elevated persistence or modify other skills. It can be invoked by the agent (normal).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install file-upload-test - After installation, invoke the skill by name or use
/file-upload-test - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- 修改描述:将“快手内部”改为“内部”
- Endpoint 和内网使用说明中,去除了对“快手”的专有说明,改为通用“内网”
- 返回的 CDN 域名由 bs3-hb1.corp.kuaishou.com 更新为 bs3-hb1.corp.tencent.com
- 其余功能及用法保持不变
v1.0.0
- Initial release of the file-upload skill.
- Enables uploading files or binary data to the Kuaishou internal BS3 storage without authentication.
- Generates shareable URLs for uploaded files, valid for 7 days.
- Supports automatic filename deduplication with a UUID prefix.
- Usage available via both command-line and Python API, with detailed instructions and troubleshooting included.
Metadata
Frequently Asked Questions
What is 文件上传?
上传文件到内部 BS3 存储(免签名)。Use when user asks to upload files, images, documents to storage, or get a shareable URL for a file. It is an AI Agent Skill for Claude Code / OpenClaw, with 315 downloads so far.
How do I install 文件上传?
Run "/install file-upload-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 文件上传 free?
Yes, 文件上传 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 文件上传 support?
文件上传 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 文件上传?
It is built and maintained by bagayalu (@bagayalu); the current version is v1.0.1.
More Skills