← Back to Skills Marketplace
mnhkahn

Cloudinary Cli

by Bryce · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
26
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install cloudinary-cli
Description
Upload files and images to Cloudinary via CLI. Use when user wants to upload local files or images to Cloudinary CDN, especially when needing automatic image...
README (SKILL.md)

Cloudinary CLI Uploader

Upload local files or remote URLs to Cloudinary with automatic image compression support.

Workflow

1. Check Installation

Check if the CLI binary exists at ./cloudinary-cli (project root). If not, run the install script:

bash .agents/skills/cloudinary-cli/scripts/install.sh

If Go is not installed, prompt the user to install Go first.

2. Check Configuration (.env)

Check if cmd/cli/.env exists and contains all required variables. If any are missing, prompt the user for the missing values and write them to cmd/cli/.env.

Required variables:

  • CLOUDINARY_CLOUD - Cloudinary cloud name
  • CLOUDINARY_KEY - API key
  • CLOUDINARY_SECRET - API secret

Optional variables:

  • CLOUDINARY_DIRECTORY - Upload folder (default: root)
  • CLOUDINARY_COMPRESS - Auto-compress images: true/false (default: true)

3. Upload Files

Run the upload script with file paths:

bash .agents/skills/cloudinary-cli/scripts/upload.sh \x3Cfile1> [file2] ...

Or run the CLI directly:

cd cmd/cli && ../../cloudinary-cli file1.jpg file2.png

The CLI automatically:

  • Compresses images when CLOUDINARY_COMPRESS=true
  • Leaves non-image files untouched
  • Supports both local paths and remote URLs

Image Compression

When CLOUDINARY_COMPRESS is true (default), images are uploaded with Cloudinary q_auto transformation for automatic quality optimization. Supported image formats: jpg, jpeg, png, gif, webp, bmp, tiff, svg, ico, heic, heif, avif.

To disable compression for a specific upload, temporarily set CLOUDINARY_COMPRESS=false in .env.

Usage Guidance
Key things to consider before installing/running this skill: - Metadata mismatch: the skill metadata does not declare required Cloudinary credentials, but the runtime requires CLOUDINARY_CLOUD, CLOUDINARY_KEY, and CLOUDINARY_SECRET. Treat this as a warning sign and verify expected requirements before proceeding. - Secrets handling: the scripts expect a plaintext file at cmd/cli/.env and will export its contents into the environment. Do not store production credentials in plaintext in the repo. Prefer using a secure secret store or ephemeral/test keys. - Source-to-binary risk: install.sh builds whatever is at ./cmd/cli in the discovered project root (it finds the nearest go.mod by walking up). If you run this inside a repository you don't fully trust, the build could produce and run code you didn't review. Inspect the cmd/cli source before building or run the build in an isolated environment. - Inconsistency between docs and code: SKILL.md claims the agent will prompt for missing env values and write them, but upload.sh actually errors if .env is missing. Expect manual setup (creating .env) unless you add a safer prompting/writing flow. - If you decide to use it: audit the cmd/cli source (the Go code), ensure .env is kept out of commits (add to .gitignore), and use least-privilege Cloudinary credentials (rotate/delete keys after testing).
Capability Analysis
Type: OpenClaw Skill Name: cloudinary-cli Version: 1.0.0 The skill contains a shell injection vulnerability in 'scripts/upload.sh' due to the insecure method of loading environment variables using 'export $(grep -v '^#' "$ENV_FILE" | xargs)'. Because 'SKILL.md' instructs the AI agent to prompt the user for credentials and write them directly into the '.env' file, a malicious user or prompt could inject shell commands into the configuration values that would execute when the script is run. While the tool's purpose of uploading to Cloudinary is legitimate, the lack of input sanitization in the wrapper scripts poses a security risk.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The SKILL.md and scripts implement a Cloudinary CLI uploader and require CLOUDINARY_CLOUD/KEY/SECRET, and a local Go build of ./cmd/cli — that is coherent with the stated purpose. However the skill metadata declares no required environment variables or primary credential while the runtime explicitly needs Cloudinary API credentials; this metadata mismatch is misleading.
Instruction Scope
Instructions direct the agent to read and export cmd/cli/.env and to build/run a local binary. SKILL.md says the agent should 'prompt the user for missing values and write them to cmd/cli/.env', but the provided upload.sh script does not implement prompting/writing (it errors out if .env is missing). The scripts export the entire .env into the environment (export $(grep -v '^#' "$ENV_FILE" | xargs)), which can leak secrets to any child processes. The installer/search logic walks up the filesystem to find go.mod, which can pick up a different project root than the user expects.
Install Mechanism
There is no registry install; install.sh runs a local 'go build -o cloudinary-cli ./cmd/cli/' after locating a go.mod. This is low-risk in that it doesn't download arbitrary binaries, but it will compile whatever source exists at ./cmd/cli in the discovered project root — potentially building unintended or malicious code if the workspace contains untrusted source.
Credentials
The required credentials (CLOUDINARY_CLOUD, CLOUDINARY_KEY, CLOUDINARY_SECRET) are appropriate for a Cloudinary uploader, but the skill metadata omits these requirements. The runtime practices (writing/reading a plaintext cmd/cli/.env and exporting all variables) raise the risk of accidental credential exposure (committing .env to source control or leaking to child processes).
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modify other skills. It runs on-demand and builds/executes a local binary — normal for a CLI helper.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudinary-cli
  3. After installation, invoke the skill by name or use /cloudinary-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Cloudinary CLI upload skill: - Upload local files or remote URLs directly to Cloudinary via CLI. - Supports automatic image compression using Cloudinary's `q_auto` transformation. - Batch uploads and both image/non-image file handling. - Prompts for required Cloudinary credentials and configuration if missing. - Simple shell scripts for installation and upload workflow.
Metadata
Slug cloudinary-cli
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Cloudinary Cli?

Upload files and images to Cloudinary via CLI. Use when user wants to upload local files or images to Cloudinary CDN, especially when needing automatic image... It is an AI Agent Skill for Claude Code / OpenClaw, with 26 downloads so far.

How do I install Cloudinary Cli?

Run "/install cloudinary-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloudinary Cli free?

Yes, Cloudinary Cli is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cloudinary Cli support?

Cloudinary Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cloudinary Cli?

It is built and maintained by Bryce (@mnhkahn); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments