Cos_Uploader_Qcloud_lh
by jingronzhao · GitHub ↗ · v1.0.0 · MIT-0
92 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: /install cos-uploader-qcloud-lh
Description
Receives photos sent via WeChat, uploads them automatically to Tencent Cloud COS infrequent-access storage, and archives them by year and month.
README (SKILL.md)
Skill entry point
- Entry script: run.sh
- Script language: Python 3.6+
- Timeout: 60 seconds
Trigger condition
Triggered automatically when a WeChat message containing an image attachment is received.
Match pattern: [media attached: <path> (image/*)]
Core features
- Automatic parsing: extracts the image's local cache path from the OpenClaw message body
- Internal-network upload: uploads to COS through the Tencent Cloud internal-network domain, with zero traffic cost
- Infrequent-access storage: sets the storage class to STANDARD_IA automatically to reduce storage cost
- Smart archiving: files are archived automatically in the format year/month/monthday_random-number.extension
- Full encryption: bucket name, Region, SecretId / SecretKey and all other settings are stored encrypted with Fernet symmetric encryption
Configuration parameters
All COS settings (bucket name, Region, storage class, network mode, API keys) are configured interactively through setup_config.py and stored encrypted in scripts/conf/cos_secret.enc; the source code contains no sensitive information.
Dependencies
- Python >= 3.6
- cos-python-sdk-v5 >= 1.9.30
- cryptography >= 41.0.0
File structure
cos-photo-uploader/
├── SKILL.md              # Skill manifest (this file)
├── README.md             # Detailed documentation
├── run.sh                # Run entry point
├── install.sh            # Install script
├── package.sh            # Packaging script
├── scripts/              # Skill code
│   ├── skill_handler.py  # Skill handler entry
│   ├── cos_uploader.py   # COS upload core module
│   ├── config.py         # Encrypted configuration management
│   ├── setup_config.py   # One-stop configuration tool (bucket info + keys)
│   └── requirements.txt  # Python dependencies
└── screenshots/          # Screenshots
    └── .gitkeep
Usage Guidance
This skill appears to do what it says (upload WeChat-received photos to Tencent COS), but consider the following before installing:
- Risk of local-file exfiltration: the skill will upload any file path it is given (via the OpenClaw message or the --file debug flag). Ensure OpenClaw only passes legitimate media cache paths and that untrusted inputs cannot supply arbitrary filesystem paths.
- Limit COS credentials: use a scoped subaccount (least privilege) that only has the minimal COS permissions (bucket write) the skill needs; do not use root or high-privilege keys.
- Protect the host and skill directory: the encrypted config and the encryption key are stored on the same host under scripts/conf/. If an attacker gains filesystem access they can decrypt secrets. Restrict access (file permissions and OS-level controls) to the skill directory and logs.
- Review and test: inspect the scripts locally, run install in a controlled environment, and test uploads with non-sensitive test files first.
- Consider invocation policy: if your platform allows it, restrict autonomous invocation of this skill or add additional validation (e.g., only accept files from a verified OpenClaw channel) to reduce the attack surface.
If you want, I can point out exact lines to change to add a path whitelist, stricter mime checks, or to avoid storing the Fernet key on disk in the same folder.
Capability Analysis
Type: OpenClaw Skill
Name: cos-uploader-qcloud-lh
Version: 1.0.0
The skill bundle provides a utility for uploading images from WeChat to Tencent Cloud COS, featuring a robust setup process that encrypts API credentials locally using the Fernet (cryptography) library. However, it is classified as suspicious due to a path traversal vulnerability in `scripts/skill_handler.py`. The script extracts file paths from incoming message text via a regular expression and proceeds to upload them without validating that the paths are restricted to the intended OpenClaw media directory. This could allow an attacker to exfiltrate sensitive local files (e.g., configuration files or SSH keys) to the user's COS bucket by sending a crafted message. No evidence of intentional malice or unauthorized remote exfiltration was detected.
Capability Assessment
Purpose & Capability
Name/description, code files, and required runtime (Python + COS SDK) all match the claimed purpose (receiving images and uploading to Tencent COS). Minor metadata mismatch: the registry record said "instruction-only" / no install spec, but the package actually includes install.sh, run.sh and Python modules (i.e., it's a code bundle that installs a virtualenv and pip packages).
Instruction Scope
The runtime instructions and implementation parse a file path out of the OpenClaw message and then open and upload that file. There is no path whitelisting or additional validation: both the --file debug mode and the automatic flow will upload any local file path that the message contains. If an attacker or misconfigured OpenClaw can supply a message containing an arbitrary filesystem path, this could be used to exfiltrate sensitive files. The skill also logs to a logs/ directory and writes encrypted config + encryption key under scripts/conf/ (see environment_proportionality).
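The containment and content checks that the Instruction Scope and Usage Guidance sections say are missing can be written compactly. The block below is an added example, not code from the skill itself: it parses the documented trigger format, requires the extracted path to resolve (symlinks and `..` collapsed) inside the OpenClaw inbound media directory, and sniffs the file's magic bytes instead of trusting the MIME type claimed in the message. The regex, the function names and the temporary-directory fixture are assumptions made for the example; the skill's real media root is the hardcoded path noted below, passed here as a parameter.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Trigger format documented in SKILL.md: "[media attached: <path> (image/*)]".
# The regex the skill itself uses is not shown on the page; this one is an assumption.
MEDIA_RE = re.compile(
    r"\[media attached: (?P<path>[^\s\]]+) \((?P<mime>image/[\w.+-]+)\)\]"
)

# Content signatures we accept. The check is on file bytes, not on the MIME the message claims.
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def extract_media_path(message: str) -> Optional[Tuple[str, str]]:
    """Pull (path, claimed_mime) out of an OpenClaw message, or None if absent."""
    m = MEDIA_RE.search(message)
    return (m.group("path"), m.group("mime")) if m else None


def sniff_image(path: Path) -> Optional[str]:
    """Return the image kind by magic bytes, or None if the content is not a known image."""
    with path.open("rb") as fh:
        head = fh.read(8)
    for sig, kind in IMAGE_SIGNATURES.items():
        if head.startswith(sig):
            return kind
    return None


def validate_upload_path(raw_path: str, media_root: str) -> Path:
    """Accept only a regular image file that really lives under media_root.

    Raises ValueError with a short reason so the caller can log and skip the upload.
    """
    root = Path(media_root).resolve()
    p = Path(raw_path)
    if not p.is_absolute():
        raise ValueError("relative path rejected")
    # resolve() follows symlinks and collapses '..', so the containment check
    # below sees the file the OS would actually open.
    real = p.resolve()
    if root not in real.parents:
        raise ValueError("path escapes media root")
    if not real.is_file():
        raise ValueError("not a regular file")
    if sniff_image(real) is None:
        raise ValueError("content is not a supported image")
    return real


def select_upload(message: str, media_root: str) -> Tuple[bool, str]:
    """Decide whether a message should trigger an upload: (allowed, detail)."""
    found = extract_media_path(message)
    if found is None:
        return False, "no media attachment"
    raw_path, _claimed_mime = found  # claimed MIME is untrusted; we sniff the bytes instead
    try:
        return True, str(validate_upload_path(raw_path, media_root))
    except ValueError as exc:
        return False, str(exc)


def demo() -> dict:
    """Build a constructed fixture in a temp dir and run four representative messages."""
    tmp = Path(tempfile.mkdtemp())
    media = tmp / "media" / "inbound"
    media.mkdir(parents=True)
    good = media / "wx_123.jpg"
    good.write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # minimal JPEG header (constructed)
    fake = media / "wx_124.jpg"
    fake.write_bytes(b"-----BEGIN OPENSSH PRIVATE KEY-----\n")  # renamed non-image (constructed)
    secret = tmp / "outside" / "id_rsa"
    secret.parent.mkdir()
    secret.write_bytes(b"\xff\xd8\xff" + b"not really a photo")  # outside the root (constructed)
    link = media / "wx_125.jpg"
    os.symlink(secret, link)  # symlink inside the media root pointing outside it

    def msg(path: Path) -> str:
        return f"[media attached: {path} (image/jpeg)]"

    return {
        "legit": select_upload(msg(good), str(media)),
        "traversal": select_upload(msg(media / ".." / ".." / "outside" / "id_rsa"), str(media)),
        "symlink": select_upload(msg(link), str(media)),
        "not_image": select_upload(msg(fake), str(media)),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {outcome}")
```

Only the `legit` case is allowed; the traversal and symlink cases are rejected with the same reason because both resolve outside the root, and the renamed key file is rejected on content rather than on its `.jpg` name. Logging the rejection reason (not the file contents) gives a detection signal for crafted messages.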
Install Mechanism
There is no remote arbitrary download: install.sh creates a venv and installs well-known PyPI packages listed in scripts/requirements.txt (cos-python-sdk-v5, cryptography). package.sh and install.sh are standard shell scripts. No URL shorteners or external binary fetches were used. The install is local and traceable.
Credentials
The only secrets requested are Tencent COS SecretId/SecretKey, which are appropriate for the stated function. The skill encrypts them with Fernet and stores both the encrypted blob (cos_secret.enc) and the Fernet key (.encryption_key) under scripts/conf/ with restrictive file permissions (600). This is expected but worth noting: storing the encryption key on the same host (and in the same skill directory) means filesystem compromise or overly-broad host access still allows decryption. The code also contains a hardcoded OpenClaw media directory (/root/.openclaw/media/inbound) — it's not an external credential but is a hardcoded path assumption that may imply it expects root-style paths.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It creates directories and files inside its own skill directory (scripts/conf, scripts/logs) which is normal. The agent can invoke the skill autonomously by default (platform default) — combine with the instruction-scope concern if you allow autonomous invocation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install cos-uploader-qcloud-lh
- After installation, invoke the skill by name or use /cos-uploader-qcloud-lh
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Please read README.md carefully. This skill is intended to let an OpenClaw instance running on a remote lightweight cloud server receive images sent through the WeChat OpenClaw channel and upload them to COS over the internal network.
Frequently Asked Questions
What is Cos_Uploader_Qcloud_lh?
It receives photos sent via WeChat, uploads them automatically to Tencent Cloud COS infrequent-access storage, and archives them by year and month. It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.
How do I install Cos_Uploader_Qcloud_lh?
Run "/install cos-uploader-qcloud-lh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Cos_Uploader_Qcloud_lh free?
Yes, Cos_Uploader_Qcloud_lh is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Cos_Uploader_Qcloud_lh support?
Cos_Uploader_Qcloud_lh is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Cos_Uploader_Qcloud_lh?
It is built and maintained by jingronzhao (@jingronzhao); the current version is v1.0.0.