← 返回 Skills 市场
990
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install aliyun-oss
功能描述
阿里云OSS文件上传工具 - 安全、高效的文件上传和临时链接生成
使用说明 (SKILL.md)
阿里云OSS文件上传工具
安全、高效的文件上传和临时链接生成工具
🎯 核心功能
- ✅ 单文件上传: 支持上传单个本地文件到OSS
- ✅ 批量上传: 支持同时上传多个文件
- ✅ 大文件分片上传: 自动处理超过100MB的大文件
- ✅ 指定目录上传: 可指定OSS中的存储路径
- ✅ 文件大小限制: 拒绝超过2GB的文件
- ✅ 自动重命名: 避免文件名冲突(UUID或时间戳策略)
- ✅ 预签名URL生成: 自动生成临时访问链接
- ✅ 链接有效期自定义: 支持1小时、6小时、1天、7天等选项
- ✅ 文件检索: 根据文件名搜索OSS中的文件
🔒 安全特性
- ✅ AK/SK认证: 使用阿里云AccessKey进行认证
- ✅ 配置分离: 所有敏感信息通过外部配置文件管理
- ✅ 链接时效性: 预签名URL自动过期,降低数据泄露风险
- ✅ 文件大小限制: 防止上传超大文件
⚙️ 配置要求
创建配置文件 /root/.openclaw/aliyun-oss-config.json:
{
"endpoint": "oss-cn-shanghai.aliyuncs.com",
"bucket_name": "your-bucket-name",
"auth": {
"access_key_id": "your-access-key-id",
"access_key_secret": "your-access-key-secret"
},
"max_file_size_mb": 2048,
"default_expire_hours": 0.5,
"large_file_threshold_mb": 100,
"default_prefix": "uploads/"
}
🚀 使用方法
命令行使用
# 上传单个文件
python3 main.py upload /path/to/file.txt uploads/
# 批量上传
python3 main.py batch_upload file1.txt file2.txt file3.txt uploads/
# 搜索文件
python3 main.py search filename.txt
OpenClaw集成
- 支持作为媒体处理器处理文件上传
- 可通过OpenClaw的消息系统触发上传任务
- 生成的临时链接可直接在聊天中分享
🔧 技术细节
- 依赖:
oss2,requests - 分片上传: 使用OSS SDK的multipartUpload
- 预签名URL: 使用OSS SDK的sign_url方法
- 错误处理: 完善的异常处理和重试机制
🛡️ 安全最佳实践
- 使用RAM用户: 创建专门的RAM用户用于OSS上传
- 最小权限: 用户权限仅包含
oss:PutObject,oss:GetObject,oss:ListObjects - 配置文件权限: 设置为600(仅所有者可读写)
- 定期轮换: 定期更新AccessKey
🆘 故障排除
- 403错误: 检查RAM用户权限和AccessKey
- 文件大小超限: 确认文件不超过2GB限制
- 上传失败: 检查网络连接和OSS配置
💡 开发规范
此技能严格遵循以下开发准则:
- ✅ 开源兼容性: 完全符合开源skills的配置要求和目录结构
- ✅ 合规性: 完全符合当地的法律法规要求
- ✅ 功能完整性: 仅包含已实现和测试通过的功能,无占位符或未完成代码
📦 部署说明
- 生产就绪: 所有测试代码和临时文件已在发布前清理
- 安全配置: 敏感信息通过外部配置文件管理,不在源码中硬编码
- 依赖管理: 仅依赖必要的Python包(oss2, requests)
安全使用建议
This skill appears to implement an Aliyun OSS uploader, but there are several things to verify before installing or using it:
- Credentials & metadata: The code expects AK/SK in a JSON config at /root/.openclaw/aliyun-oss-config.json, but the skill registry metadata does not declare required config paths or a primary credential. Confirm where you will store credentials and ensure the metadata matches.
- Do not put long-lived root credentials in that file. Prefer a RAM user with least privilege (oss:PutObject, oss:GetObject, oss:ListObjects) or STS temporary credentials. Set config file permissions to 600 and rotate keys regularly.
- Path choice: The SKILL.md uses /root/.openclaw which is surprising for non-root use; consider changing the config path to your user home (~/.openclaw/...) before running.
- Local file reads: The uploader will read any local file path you pass and upload it to OSS. Ensure the agent only supplies intended file paths; otherwise sensitive local files could be uploaded.
- Test code: Some modules include test mains that reference /etc/hosts and /etc/passwd. Those tests run only if executed directly, but review and remove or sandbox test code if you plan to run this in a sensitive environment.
- Dependencies: The package depends on oss2 and requests (pip). Install them in a controlled virtualenv before running.
- Audit before use: If you lack confidence, run the code in an isolated environment (sandbox or VM), inspect/change the config path and credential handling to use STS, and confirm no unexpected network endpoints are contacted aside from the OSS endpoint you configure.
If you want, I can: (1) produce a checklist of minimal IAM policy JSON for a RAM user, (2) modify the code to use a user-home config path and optional environment-variable overrides, or (3) highlight exact lines that read system files so you can remove test code.
功能分析
Type: OpenClaw Skill
Name: aliyun-oss
Version: 1.0.0
This OpenClaw skill bundle provides functionality to upload files to Aliyun OSS, generate presigned URLs, and search for files. It requires Access Key/Secret for authentication, stored in a specified configuration file (`/root/.openclaw/aliyun-oss-config.json`). While the `aliyun_oss_uploader.py` module contains a capability to set uploaded objects to public-read, this feature is not enabled by default in the OpenClaw integration (`handle_media.py`) and the `SKILL.md` documentation emphasizes the use of temporary presigned URLs. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection with harmful intent. The `security_validator.py` module also indicates an awareness of security best practices.
能力评估
Purpose & Capability
The code and SKILL.md implement an OSS uploader and presigned-URL generation which matches the name/description. However the skill requires an external config file containing AccessKey ID/Secret (AK/SK) at /root/.openclaw/aliyun-oss-config.json, yet the registry metadata lists no required config paths or primary credential — that mismatch is incoherent. The hardcoded use of a root-scoped path (/root/.openclaw/...) is also unexpected for a user-facing skill.
Instruction Scope
SKILL.md instructs creating a config file with AK/SK and describes CLI and OpenClaw integration only. The code contains test/main routines that reference system files (/etc/hosts, /etc/passwd) — these are not mentioned in the instructions and could read local system files if those test entrypoints are executed. The skill uploads arbitrary local file paths provided to it (expected functionality) but that means any path the agent supplies will be read and sent to OSS, so caller should ensure only intended files are passed.
Install Mechanism
There is no install spec (instruction-only), which reduces risk from remote installers. The code imports oss2 and requests; missing packages cause the program to exit with a message to pip install them. The package.json exists but there is no pip requirements or installation guidance in SKILL.md beyond the import error message — this is a minor usability gap but not a high install risk.
Credentials
The tool requires AccessKey credentials stored in an external JSON config, but the registry metadata did not declare any required env vars or primary credential. Declaring credentials (or at least required config paths) in metadata would be expected. Also the SKILL.md recommends /root/.openclaw/... which implies writing/reading a root-owned path; this is disproportionate for a user-level skill. security_validator expects an STS token (flags its absence as risky) while sts_manager only supports AK/SK — inconsistency in credential expectations.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide agent settings, and has no installer that writes new system services. It will read local files passed to it (normal for an uploader).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install aliyun-oss - 安装完成后,直接呼叫该 Skill 的名称或使用
/aliyun-oss触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
阿里云OSS文件上传工具首发版本:
- 支持单文件、批量及分片上传,自动处理大文件(超100MB)与重命名冲突
- 最大单文件2GB限制,超限自动拒绝上传
- 预签名URL临时链接生成,默认及自定义有效期选项
- 文件名搜索、OSS指定目录上传功能
- AK/SK身份认证,凭据外部分离,安全性强化
- 详细配置样例及命令行用法说明
- 完善异常处理与故障排查提示
- 仅依赖oss2与requests,生产就绪发布
元数据
常见问题
Aliyun Oss 是什么?
阿里云OSS文件上传工具 - 安全、高效的文件上传和临时链接生成. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 990 次。
如何安装 Aliyun Oss?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install aliyun-oss」即可一键安装,无需额外配置。
Aliyun Oss 是免费的吗?
是的,Aliyun Oss 完全免费(开源免费),可自由下载、安装和使用。
Aliyun Oss 支持哪些平台?
Aliyun Oss 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Aliyun Oss?
由 Jixson(@jixsonwang)开发并维护,当前版本 v1.0.0。
推荐 Skills