
Volcengine TOS Storage

by day253 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
332 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install day253-volcengine-storage-tos
Description
Object storage operations for Volcengine TOS (Tinder Object Storage). Use when users need bucket management, object upload/download, listing, deletion, presi...
README (SKILL.md)

Category: provider

Volcengine TOS Object Storage

Validation

mkdir -p output/volcengine-storage-tos
python -m py_compile skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py && echo "py_compile_ok" > output/volcengine-storage-tos/validate.txt

Pass criteria: command exits 0 and output/volcengine-storage-tos/validate.txt is generated.

Output And Evidence

  • Save operation results, manifests, and logs to output/volcengine-storage-tos/.
  • Keep one validation log per execution.

Prerequisites

  • Python 3.8+
  • Install TOS SDK: pip install tos
  • Set environment variables:
    • VOLCENGINE_ACCESS_KEY — AK (AccessKey ID)
    • VOLCENGINE_SECRET_KEY — SK (SecretKey)
    • VOLCENGINE_TOS_ENDPOINT — TOS service endpoint, e.g. tos-cn-beijing.volces.com
    • VOLCENGINE_TOS_REGION — region, e.g. cn-beijing

Optional: use .env in repo root; script will auto-load.

Normalized interface

Subcommands

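Subcommand      Description
list-buckets    List all buckets
create-bucket   Create a bucket
delete-bucket   Delete a bucket (must be empty)
list-objects    List objects in a bucket (supports prefix/max-keys)
upload          Upload a local file to a bucket
download        Download an object to a local file
delete          Delete an object
head            Get object metadata (size, type, ETag)
presign         Generate a presigned URL
copy            Copy an object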

Common flags

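  • --bucket — bucket name
  • --key — object key
  • --file — local file path (for upload/download)
  • --prefix — listing prefix
  • --max-keys — maximum number of keys to list, default 100
  • --expires — presigned URL validity in seconds, default 3600
  • --print-json — output in JSON format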

Quick start

# List all buckets
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py list-buckets

# List objects in a bucket
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py list-objects \
  --bucket my-bucket --prefix images/ --max-keys 50

# Upload a file
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py upload \
  --bucket my-bucket --key data/report.pdf --file ./report.pdf

# Download a file
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py download \
  --bucket my-bucket --key data/report.pdf --file ./downloaded.pdf

# Get object metadata
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py head \
  --bucket my-bucket --key data/report.pdf

# Generate a presigned URL (valid for 1 hour)
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py presign \
  --bucket my-bucket --key data/report.pdf --expires 3600

# Delete an object (requires explicit --confirm)
python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py delete \
  --bucket my-bucket --key data/report.pdf --confirm

Safety Rules

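  • Delete operations (delete / delete-bucket) require the --confirm flag to prevent accidental deletion.
  • Content-Type is inferred automatically on upload.
  • On download, the size of the written file is verified against Content-Length.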

Operational guidance

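  • Endpoint format: tos-{region}.volces.com, e.g. tos-cn-beijing.volces.com
  • Bucket names are globally unique: 3-63 lowercase letters, digits, or hyphens.
  • For large files (>100MB), multipart upload is recommended (handled automatically by the SDK); this script uses put_object_from_file, which suits small and medium files.
  • On a 403, check the AK/SK and the IAM policy.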

Output location

  • Default output: output/volcengine-storage-tos/
  • Override base dir with OUTPUT_DIR.

Workflow

  1. Confirm user intent, bucket, region, and whether the operation is read-only or mutating.
  2. Run one minimal read-only query (list-buckets / head) to verify connectivity and permissions.
  3. Execute the target operation with explicit parameters and bounded scope.
  4. Verify results and save output/evidence files.

References

  • references/api_reference.md — mapping of SDK methods to APIs
  • references/sources.md — links to official documentation
Usage Guidance
This skill appears to implement the advertised Volcengine TOS features, but there are a few red flags to consider before installing:
  • Metadata mismatch: the skill metadata declares no required env vars, but the script requires VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, VOLCENGINE_TOS_ENDPOINT, and VOLCENGINE_TOS_REGION. Expect to provide those credentials; ask the publisher to update the metadata so automated tooling can surface that requirement.
  • .env auto-load: the script will read a .env file from the current directory and from the repository root (it looks for a .git folder). That can cause it to load unrelated secrets stored in repository-level .env files. If you install/run this skill, avoid placing high-privilege secrets in repo-level .env files or run the skill in an isolated workspace.
  • Path mismatch: the SKILL.md validation command references a deeper path than the included file path; confirm the correct script location so validation works, or update the SKILL.md.
  • Limit credentials: use scoped IAM credentials that only allow the minimum bucket operations needed (avoid using account-wide or overly permissive keys). Consider creating a dedicated user/key with limited permissions for testing.
  • Run review: read the included scripts/tos_manage.py yourself (it is small and readable) and, if possible, run it in a container or dedicated environment first. Confirm there are no hidden network destinations (none found in the provided files) and that outputs are written only to the documented output directory.
If the publisher updates the metadata to declare required env vars and removes or documents the repo-root .env auto-load, many of the concerns would be resolved.
Capability Analysis
Type: OpenClaw Skill
Name: day253-volcengine-storage-tos
Version: 1.0.0
The skill bundle provides a standard management interface for Volcengine TOS (Tinder Object Storage) using the official 'tos' Python SDK. The core logic in 'scripts/tos_manage.py' implements expected storage operations (upload, download, list, delete) with appropriate safety measures, such as requiring a confirmation flag for destructive actions. No evidence of data exfiltration, unauthorized execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The code and SKILL.md both describe a Volcengine TOS object-storage tool and legitimately need Volcengine credentials and endpoint information. However the registry metadata lists no required environment variables or primary credential despite the script requiring VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, VOLCENGINE_TOS_ENDPOINT, and VOLCENGINE_TOS_REGION. That metadata omission is an incoherence (the skill claims no required env but actually needs cloud credentials).
Instruction Scope
SKILL.md gives validation/usage commands that reference a nested path (skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py) which does not match the included file path (scripts/tos_manage.py) — this may break automated validation. The runtime instructions and script also auto-load a .env from the current working directory and from the repository root (found by locating a .git directory). Auto-loading repo-root .env can cause the script to read unrelated secrets from the repository, which is scope creep relative to a simple storage client. Otherwise the subcommands and flags are limited to storage operations and stay within the expected scope.
Install Mechanism
This is an instruction-only skill with no install spec. It relies on the public 'tos' Python SDK (pip install tos), which is a normal, low-risk dependency. No arbitrary downloads or archive extraction are present in the manifest.
Credentials
The script requires four Volcengine env vars (AK/SK/endpoint/region) — appropriate for the stated purpose — but these are not declared in the skill's top-level requirements, which is inconsistent and may mislead users about what secrets are needed. Additionally, the script will silently load a .env file from repo root or cwd and inject values into os.environ if keys are missing, increasing the chance of picking up unrelated credentials. No other unrelated credentials are requested.
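A narrower alternative to the silent .env auto-load described above, as an added example (it is not the skill's scripts/tos_manage.py): it reads one explicitly named file, imports only the four documented variables, and reports the names it skipped. The names load_scoped_env, ALLOWED_KEYS and demo are hypothetical, and the sample .env values are constructed.

```python
import os
import tempfile
from pathlib import Path

# The four variables named in the SKILL.md prerequisites; nothing else is imported.
ALLOWED_KEYS = frozenset({
    "VOLCENGINE_ACCESS_KEY", "VOLCENGINE_SECRET_KEY",
    "VOLCENGINE_TOS_ENDPOINT", "VOLCENGINE_TOS_REGION",
})

# Constructed sample: a repo-style .env that also holds an unrelated secret.
SAMPLE_ENV = """\
# constructed example values
VOLCENGINE_ACCESS_KEY=AKEXAMPLE
export VOLCENGINE_TOS_REGION="cn-beijing"
DATABASE_PASSWORD=unrelated-secret
"""

def load_scoped_env(env_path, environ=None):
    """Load only ALLOWED_KEYS from one explicit file; return (loaded, ignored) names."""
    # No search for a .git root; variables that are already set are not overridden.
    environ = os.environ if environ is None else environ
    loaded, ignored = [], []
    if not Path(env_path).is_file():
        return loaded, ignored
    for raw in Path(env_path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # strip one pair of matching quotes
        if key not in ALLOWED_KEYS:
            ignored.append(key)  # record the name only, never the value
        elif key not in environ:
            environ[key] = value
            loaded.append(key)
    return loaded, ignored

def demo():
    # Isolated dict instead of os.environ, so the demo leaves the process untouched.
    with tempfile.TemporaryDirectory() as tmp:
        env_file = Path(tmp) / ".env"
        env_file.write_text(SAMPLE_ENV, encoding="utf-8")
        environ = {"VOLCENGINE_ACCESS_KEY": "already-set"}
        return load_scoped_env(env_file, environ), environ
```

Logging the ignored key names at startup makes it visible when the file being read is a shared repository .env rather than a dedicated one.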
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It writes output to an output/volcengine-storage-tos/ directory as documented, which is reasonable for evidence logging. Autonomous invocation is allowed (platform default) but does not combine with other high privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install day253-volcengine-storage-tos
  3. After installation, invoke the skill by name or use /day253-volcengine-storage-tos
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: TOS object storage with tos SDK (list/upload/download/presign/copy)
Metadata
Slug day253-volcengine-storage-tos
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Volcengine TOS Storage?

Object storage operations for Volcengine TOS (Tinder Object Storage). Use when users need bucket management, object upload/download, listing, deletion, presi... It is an AI Agent Skill for Claude Code / OpenClaw, with 332 downloads so far.

How do I install Volcengine TOS Storage?

Run "/install day253-volcengine-storage-tos" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Volcengine TOS Storage free?

Yes, Volcengine TOS Storage is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Volcengine TOS Storage support?

Volcengine TOS Storage is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Volcengine TOS Storage?

It is built and maintained by day253 (@day253); the current version is v1.0.0.
