← Back to Skills Marketplace
lubin1127

image-url-qiniu

by lubin1127 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
87
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install image-url-qiniu
Description
Download an image from a user-supplied HTTP(S) URL and upload it to Qiniu cloud. Use when the user gives an image link and wants it stored on Qiniu (backup,...
README (SKILL.md)

\r \r

Image URL → Qiniu\r

\r 将公网可访问的图片 URL 拉取到本地内存并上传到七牛对象存储,标准输出末尾会打印 MEDIA_URL: 行(七牛公网地址),与览客/飞书交付约定一致。\r \r

前置条件(运维)\r

\r 在运行环境的进程环境中配置(写入对话或用户资料):\r \r | 变量 | 说明 |\r |------|------|\r | QINIU_ACCESS_KEY | 七牛 AccessKey |\r | QINIU_SECRET_KEY | 七牛 SecretKey |\r | QINIU_BUCKET | 存储空间名 |\r | QINIU_PUBLIC_BASE_URL | HTTPS 访问基址,如 https://cdn.example.com不要末尾 / |\r | QINIU_KEY_PREFIX | 可选,对象名前缀,默认 openclaw/url-import |\r \r 目标 Bucket 需公开读(或你方自行改用私有空间 + 下载凭证,本脚本仅输出直链)。\r \r

用法\r

\r

uv run {baseDir}/scripts/url_image_to_qiniu.py --url "https://example.com/path/to/image.png"\r
```\r
\r
可选参数:\r
\r
- `--max-mb N`:单图最大体积(默认 `25`),超限则失败,防止误抓大文件。\r
- `--no-verify-ssl`:下载时关闭 SSL 校验(仅在内网/代理异常时慎用)。\r
- `--timeout SEC`:下载超时秒数(默认 `60`)。\r
\r
## Agent 工作流\r
\r
1. 从用户消息中取得**完整图片地址**(`http://` 或 `https://`)。\r
2. 在技能目录下执行:  \r
   `uv run {baseDir}/scripts/url_image_to_qiniu.py --url "\x3CURL>"`\r
3. 在输出中查找 **`MEDIA_URL:`** 行,将其后 URL 交给用户;若渠道为飞书,须**另起一行输出完整 URL 纯文本**(与览客规则一致)。\r
4. 若失败:根据脚本 stderr 提示检查 URL 是否可直连、是否为图片、七牛配置与 Bucket 域名。\r
\r
## 合规与安全\r
\r
- 仅处理用户明确提供且有权使用的链接;不要对未授权版权素材主动批量镜像。\r
- 脚本会校验响应 `Content-Type` 为 `image/*` 或部分源站使用的 `application/octet-stream`;后者会按文件头魔数识别 PNG/JPEG/GIF/WebP/BMP。\r
\r
## 输出约定\r
\r
- 成功:打印一行 `MEDIA_URL: https://...`(七牛上的新地址)。\r
- 失败:非零退出码,错误信息在 stderr。\r
Usage Guidance
This skill does what it says (downloads a URL and uploads to Qiniu) but two things to check before installing: (1) metadata mismatch — the skill requires QINIU_ACCESS_KEY, QINIU_SECRET_KEY, QINIU_BUCKET, and QINIU_PUBLIC_BASE_URL at runtime but the registry metadata does not advertise these; do not put those secrets into chat, they must be set in the process environment. (2) SSRF and network risk — the script will fetch any provided URL, so avoid passing internal or sensitive endpoints and consider network egress controls or allowlist/denylist checks. Also ensure the 'uv' binary and the script's Python dependencies (requests, qiniu) are available in your environment. Prefer using a dedicated Qiniu account/bucket with limited permissions, consider using signed/private buckets if you need tighter control, and test in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill Name: image-url-qiniu Version: 1.0.0 The skill is a legitimate utility for downloading images from a user-provided URL and uploading them to Qiniu cloud storage. The Python script (scripts/url_image_to_qiniu.py) uses standard environment variables for credentials, implements file size limits, and includes content-type sniffing to ensure only images are processed, which mitigates common risks like SSRF or large file attacks. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The code and SKILL.md clearly require QINIU_ACCESS_KEY, QINIU_SECRET_KEY, QINIU_BUCKET, and QINIU_PUBLIC_BASE_URL to function; however the registry metadata lists no required environment variables. That mismatch is incoherent: the skill cannot work without those Qiniu credentials but they are not declared in the metadata/manifest.
Instruction Scope
Runtime instructions tell the agent to fetch arbitrary user-provided http(s) URLs and run the included script. The SKILL.md says only to handle publicly accessible URLs, but the script will happily request any reachable URL — creating a server-side request forgery (SSRF) risk (internal hosts, metadata endpoints, etc.). The instructions also allow disabling SSL verification (a risky option). The agent is told to read environment variables for credentials (which is expected) but those env vars are not declared in the manifest.
Install Mechanism
This is instruction-only with an included Python script; no install spec is provided. The skill requires the 'uv' binary (declared) and the script lists Python packages (requests, qiniu) in comments but does not include an installer. It appears to rely on the runtime environment/'uv' to provide dependencies — verify that 'uv' and the Python dependencies are available. No external download URLs are used.
Credentials
The environment variables the script requires (full Qiniu access key and secret, bucket name, public base URL) are appropriate for uploading to Qiniu, but they are sensitive and should be declared in the skill metadata (they are not). The skill does not request unrelated credentials, but the manifest omission is an important discrepancy.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system modifications or access to other skills' configs. It runs on invocation and does not attempt to persist or escalate privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install image-url-qiniu
  3. After installation, invoke the skill by name or use /image-url-qiniu
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of image-url-qiniu. - Downloads images from user-supplied HTTP(S) URLs and uploads them to Qiniu cloud storage. - Outputs a direct Qiniu image link (MEDIA_URL) suitable for backup, CDN, or Feishu/Outlook-safe sharing. - Supports file size limits, SSL verification toggling, and download timeouts. - Requires Qiniu credentials and bucket configuration set via environment variables. - Enforces public-read bucket and basic content-type/magic number validation for images. - Error messages are provided on failure for troubleshooting.
Metadata
Slug image-url-qiniu
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is image-url-qiniu?

Download an image from a user-supplied HTTP(S) URL and upload it to Qiniu cloud. Use when the user gives an image link and wants it stored on Qiniu (backup,... It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.

How do I install image-url-qiniu?

Run "/install image-url-qiniu" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is image-url-qiniu free?

Yes, image-url-qiniu is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does image-url-qiniu support?

image-url-qiniu is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created image-url-qiniu?

It is built and maintained by lubin1127 (@lubin1127); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments