← Back to Skills Marketplace
renjicode

Keplerjai Oss Uploader

by 任佶 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
65
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install keplerjai-oss-uploader
Description
将本地文件上传到阿里云 OSS 并输出 bindHost 下的可访问 URL。用户提到 OSS 上传、静态资源、keplerjai OSS 时使用。
README (SKILL.md)

\r \r

keplerjai OSS 上传(技能摘要)\r

\r 详细说明、环境变量表、安全与 OpenClaw 配置示例见同目录 README.md(人读文档;本文件刻意保持短小以降低技能加载 token)。\r \r

环境变量前缀\r

\r 必填:KEPLERJAI_OSS_ACCESS_KEY_IDKEPLERJAI_OSS_ACCESS_KEY_SECRETKEPLERJAI_OSS_ENDPOINTKEPLERJAI_OSS_BUCKET。其余见 README.mdconfig.example.envconfig.json 可补全非密钥项(skill_config 合并,shell 已设变量优先)。\r \r

上传命令({baseDir} 为本技能根目录)\r

\r

pip install -r "{baseDir}/requirements.txt"\r
python "{baseDir}/scripts/upload_to_oss.py" "/path/to/file.png"\r
```\r
\r
常用:`--flat` 扁平随机名;`-k` 指定对象键;`--dry-run` 仅打印 key/URL;`--sync-lifecycle` 上传后写入生命周期(需天数配置与 RAM 权限)。\r
\r
## Agent 要点\r
\r
1. 密钥只经 env / SecretRef 注入,**不写进对话与 SKILL 正文**。\r
2. 上传成功后把脚本输出的 `public_url` 给用户。\r
3. 生命周期运维:`python "{baseDir}/scripts/put_bucket_lifecycle.py"`(详见 `README.md`)。\r
\r
## OpenClaw\r
\r
在 `skills.entries` 中使用键名 **`keplerjai-oss-uploader`**,与 `name` 字段一致;`env` 键名与上表 `KEPLERJAI_OSS_*` 一致。完整 JSON 片段见 `README.md`。\r
\r
## 返回形式\r
以[可读文件名](url)的方式返回文件下载链接
Usage Guidance
This package appears to be a legitimate OSS uploader, but note two red flags: (1) the registry metadata does not declare the required secret environment variables even though the scripts require AccessKey ID/Secret, endpoint and bucket; (2) the skill is marked always:true which will include it in every agent run. Before installing: only provide credentials via secure secret injection (SecretRef or environment secrets), use least-privilege AccessKey (scope to PutObject and minimal additional permissions; only grant lifecycle permissions if you intend to use that feature), test with --dry-run first, avoid placing secrets in chat or .env in shared repos, and consider removing or disabling always:true so the skill runs only when explicitly invoked. Also verify the skill source/origin (it's listed as unknown) and rotate keys if they were exposed while testing.
Capability Analysis
Type: OpenClaw Skill Name: keplerjai-oss-uploader Version: 1.0.0 The skill bundle is a legitimate utility for uploading files to Aliyun OSS. It demonstrates security-conscious design by explicitly instructing the AI agent in SKILL.md and README.md to handle sensitive AccessKeys only via environment variables and never to expose them in chat logs. The Python scripts (upload_to_oss.py, oss_lifecycle.py) use the official 'oss2' SDK, implement proper filename sanitization, and use cryptographically secure random strings for file naming. No indicators of data exfiltration, malicious execution, or prompt injection were found.
Capability Assessment
Purpose & Capability
The code, README, and SKILL.md implement an Alibaba Cloud OSS uploader (uploads objects, builds public URLs, optionally writes bucket lifecycle). That matches the skill name/description. However the registry metadata lists no required env vars while the runtime clearly requires KEPLERJAI_OSS_ACCESS_KEY_ID, KEPLERJAI_OSS_ACCESS_KEY_SECRET, KEPLERJAI_OSS_ENDPOINT, KEPLERJAI_OSS_BUCKET (and optional lifecycle-related envs). The omission in metadata is an incoherence that reduces transparency.
Instruction Scope
Runtime instructions and scripts are narrowly scoped to: loading .env/config.json, computing an object key, uploading the specified local file via oss2, printing the public URL, and optionally calling PutBucketLifecycle. The skill reads local .env and config.json (expected for config) but does not appear to exfiltrate data to third-party endpoints beyond the OSS endpoint supplied by the user.
Install Mechanism
No external download/install spec is present; the bundle is instruction+code that depends on the oss2 Python package (requirements.txt). This is a low-to-moderate risk pattern (pip install from requirements is expected). There are no suspicious external URLs or extracted archives.
Credentials
The skill legitimately requires sensitive credentials (AccessKey ID/Secret) and endpoint/bucket configuration. That is expected for an OSS uploader, but the skill did not declare these required env vars in the registry metadata. Also the scripts can call PutBucketLifecycle (modifying bucket lifecycle) which requires additional RAM permissions; the need for that privilege should be explicit and limited. Users should ensure least-privilege keys (PutObject, possibly GetObject, and only lifecycle permissions if needed) rather than broad or admin credentials.
Persistence & Privilege
This skill sets always:true in SKILL.md/metadata. always:true causes the skill to be force-included in every agent run, which increases blast radius when combined with access to cloud credentials and the ability to modify bucket lifecycle. There is no clear justification for always:true for a user-invoked uploader; this is a meaningful privilege escalation risk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install keplerjai-oss-uploader
  3. After installation, invoke the skill by name or use /keplerjai-oss-uploader
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of keplerjai-oss-uploader. - Upload local files to Alibaba Cloud OSS and return a URL accessible under the bindHost. - Supports flexible CLI uploading, custom object keys, and dry-run mode. - Secure handling of credentials via environment variables only. - Lifecycle management and OpenClaw integration guidance included. - Output links in the format of [readable filename](url).
Metadata
Slug keplerjai-oss-uploader
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Keplerjai Oss Uploader?

将本地文件上传到阿里云 OSS 并输出 bindHost 下的可访问 URL。用户提到 OSS 上传、静态资源、keplerjai OSS 时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.

How do I install Keplerjai Oss Uploader?

Run "/install keplerjai-oss-uploader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Keplerjai Oss Uploader free?

Yes, Keplerjai Oss Uploader is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Keplerjai Oss Uploader support?

Keplerjai Oss Uploader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Keplerjai Oss Uploader?

It is built and maintained by 任佶 (@renjicode); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments