← Back to Skills Marketplace
317
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install stardots-backup
Description
Automatically back up images to stardots.io cloud storage with secure MD5 authentication and configurable credentials.
Usage Guidance
Before installing: 1) Verify you trust the publisher (source/homepage are not provided here). 2) Only provide Stardots API credentials you intend to use for image backups (use scoped or revocable keys if possible). 3) Be aware the skill reads ~/.config/stardots/config.json and environment variables; don't place unrelated secrets there. 4) Confirm that attachment paths are controlled by the platform and cannot be crafted to point to sensitive local files (otherwise the skill could upload local files labeled as images). 5) Review the endpoint (https://api.stardots.io) and the support contact in skill.yaml if you need provenance. 6) If you have strict security requirements, review the code locally or run in a sandboxed environment before granting network/filesystem permissions.
Capability Analysis
Type: OpenClaw Skill
Name: stardots-backup
Version: 1.0.0
The skill is designed to upload images to stardots.io but contains a potential shell injection vulnerability in `src/index.ts` (and `dist/index.js`). It constructs a `curl` command using `tools.exec` by directly embedding configuration values such as `apiKey` and `space` into the command string without sanitization. While the code's behavior aligns with its stated purpose and no clear evidence of intentional malice was found, the use of unsanitized inputs in a shell execution context is a high-risk vulnerability.
Capability Assessment
Purpose & Capability
Name/description, skill.yaml permissions (network, filesystem), SKILL.md configuration options, and the code all align: the skill uploads image attachments to https://api.stardots.io using an API key/secret and space. It does not request unrelated services or credentials.
Instruction Scope
Runtime instructions and code are narrowly scoped to locating credentials (skill config, env vars, or ~/.config/stardots/config.json), selecting image attachments, generating an MD5 sign, and calling curl via tools.exec to upload the file. One important caveat: the skill will call curl on the attachment.path provided — if an attachment entry points to an arbitrary local path (and is labeled as an image), that file will be uploaded. The skill does not further validate file contents or restrict paths.
Install Mechanism
There is no install spec that downloads remote code; the package contains its own JS/TS files bundled. No external installers or URL downloads are used.
Credentials
The skill does not demand unrelated secrets. It uses API credentials that match its purpose (apiKey, apiSecret, space) via config, env vars (STARDOTS_API_KEY/SECRET/SPACE) or a local config file — these are proportionate to image upload functionality.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request elevated platform-wide privileges beyond network and filesystem access declared in skill.yaml. It does not modify other skills or global configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stardots-backup - After installation, invoke the skill by name or use
/stardots-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of stardots-backup.
- Automatically backs up images to the stardots.io cloud platform
- Supports MD5 signature authentication for secure uploads
- Flexible credential management via environment variables, config files, or skill config
- Written in TypeScript for type safety
- Handles simple image upload commands with user-friendly triggers
- Rate limits (300/min), file size (up to 30MB), and filename length (170 chars) enforced
Metadata
Frequently Asked Questions
What is Backup image to StarDots?
Automatically back up images to stardots.io cloud storage with secure MD5 authentication and configurable credentials. It is an AI Agent Skill for Claude Code / OpenClaw, with 317 downloads so far.
How do I install Backup image to StarDots?
Run "/install stardots-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Backup image to StarDots free?
Yes, Backup image to StarDots is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Backup image to StarDots support?
Backup image to StarDots is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Backup image to StarDots?
It is built and maintained by keepchen (@keepchen); the current version is v1.0.0.
More Skills