← 返回 Skills 市场
108
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install aliossupload
功能描述
阿里云 OSS 文件上传工具。支持单文件上传,适用于将本地文件上传到阿里云 OSS 并获取访问链接。
使用说明 (SKILL.md)
AliOSSUpload - 阿里云 OSS 上传工具
功能
- 单文件上传到阿里云 OSS
- 返回文件的访问 URL
- 自动读取环境变量配置
环境变量
export ALIYUN_OSS_ACCESS_KEY_ID="your-access-key-id"
export ALIYUN_OSS_ACCESS_KEY_SECRET="your-access-key-secret"
export ALIYUN_OSS_ENDPOINT="oss-cn-beijing.aliyuncs.com"
export ALIYUN_OSS_BUCKET="your-bucket-name"
使用示例
from aliossupload import AliOSSUploader
uploader = AliOSSUploader()
result = uploader.upload_file("/path/to/file.mp4", "videos/file.mp4")
print(result['url'])
安全使用建议
This skill appears to be an OSS uploader and the Python code matches that function, but the package metadata and documentation disagree about what credentials and outputs are required. Before installing: 1) Verify the platform will prompt you for ALIYUN_OSS_ACCESS_KEY_ID, ALIYUN_OSS_ACCESS_KEY_SECRET, ALIYUN_OSS_ENDPOINT and ALIYUN_OSS_BUCKET (the code needs all four). 2) Use a RAM sub-account with the minimum OSS permissions (PutObject/GetObject) rather than a root account. 3) Inspect/scan the shipped aliossupload.py locally and run it in an isolated environment to confirm behavior (it creates /tmp/test.txt when run as __main__). 4) Be aware the README's returned JSON schema doesn't match the actual code — update or test the code before trusting automated workflows. 5) If you need stronger assurance, ask the publisher for a source repo or signed release and for corrected metadata/documentation. These inconsistencies look like sloppy packaging rather than overtly malicious behavior, but they increase the chance of accidental credential mishandling.
功能分析
Type: OpenClaw Skill
Name: aliossupload
Version: 1.0.0
The skill is a legitimate utility for uploading files to Aliyun OSS using the official 'oss2' library. It follows standard security practices by requiring credentials via environment variables and provides clear documentation, including a recommendation for minimal RAM permissions. No evidence of data exfiltration, malicious execution, or prompt injection was found in aliossupload.py or SKILL.md.
能力评估
Purpose & Capability
The skill's name/description and the Python code all describe an Aliyun OSS single-file uploader (coherent). However the registry metadata at the top of the report claims no required env vars/credentials while SKILL.md, clawhub.yaml, README.md and the code itself require/access ALIYUN_OSS_ACCESS_KEY_ID, ALIYUN_OSS_ACCESS_KEY_SECRET, ALIYUN_OSS_ENDPOINT and ALIYUN_OSS_BUCKET. This mismatch between published metadata and the actual files is an incoherence that could cause the platform to not surface credential needs correctly.
Instruction Scope
The SKILL.md instructions and the code are narrowly scoped to reading OSS-related environment variables, creating/uploading a local file to OSS, and returning an URL. They do not reference unrelated system files or external endpoints beyond the OSS endpoint. Minor issues: SKILL.md metadata lists only two env vars while other docs and the code need four; the module's __main__ creates /tmp/test.txt when invoked directly (benign but behavior to be aware of).
Install Mechanism
No install spec that downloads arbitrary code; dependencies are standard (oss2 listed in requirements.txt and SKILL.md). There are no external URL downloads or extract steps. Overall install risk is low.
Credentials
The credentials requested by the code (AccessKey ID and Secret plus endpoint and bucket) are appropriate for OSS upload. The concern is that the registry metadata advertised 'no required env vars/primary credential', which is incorrect. Also documentation and code disagree on returned result field names (e.g., README lists 'success','key','bucket', 'mime_type' while code returns 'status' and 'object_name'), increasing the risk of misuse or accidental credential exposure if a user misconfigures the skill expecting different behavior.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or global agent settings, and is user-invocable. It will read environment variables and access network (OSS) which is expected for its purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install aliossupload - 安装完成后,直接呼叫该 Skill 的名称或使用
/aliossupload触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
aliossupload 1.0.0
- 首次发布,提供阿里云 OSS 文件上传工具
- 支持单文件上传并返回访问 URL
- 自动从环境变量读取 OSS 配置信息
- 依赖 oss2 Python 库
元数据
常见问题
野龙虾 是什么?
阿里云 OSS 文件上传工具。支持单文件上传,适用于将本地文件上传到阿里云 OSS 并获取访问链接。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 108 次。
如何安装 野龙虾?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install aliossupload」即可一键安装,无需额外配置。
野龙虾 是免费的吗?
是的,野龙虾 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
野龙虾 支持哪些平台?
野龙虾 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 野龙虾?
由 JerryXn(@jerryxn)开发并维护,当前版本 v1.0.0。
推荐 Skills