← 返回 Skills 市场
1872
总下载
2
收藏
18
当前安装
2
版本数
在 OpenClaw 中安装
/install cloud-storage
功能描述
Manage files across cloud providers with authentication, cost awareness, and multi-provider operations.
使用说明 (SKILL.md)
When to Use
User needs to upload, download, sync, or manage files across cloud storage providers. Agent handles multi-provider operations with cost awareness.
Quick Reference
| Topic | File |
|---|---|
| Provider-specific patterns | providers.md |
| Authentication setup | auth.md |
| Cost calculation | costs.md |
Scope
This skill covers operational cloud storage tasks across providers:
- S3, GCS, Azure Blob, Backblaze B2, Cloudflare R2
- Google Drive, Dropbox, OneDrive, iCloud
For storage architecture decisions, see storage skill.
For S3-specific deep patterns, see s3 skill.
Critical Rules
- Verify operations completed — API 200 ≠ success; check file exists with correct size/checksum
- Calculate ALL costs before large transfers — egress fees often exceed storage costs; check
costs.md - Never delete without backup verification — confirm backup exists AND is restorable before removing source
- Handle partial failures — long operations fail mid-way; implement checkpoints and resume logic
- Rate limits vary wildly — Google 750GB/day upload, Dropbox batch limits, S3 3500 PUT/s per prefix
Authentication Traps
- OAuth tokens expire — refresh before long operations, not during
- Service account ≠ user account — different quotas, permissions, audit trails
- Wrong region/endpoint — S3 bucket in
eu-west-1won't work withs3.amazonaws.com - MFA required — some operations need session tokens, plan for interactive auth
Multi-Provider Gotchas
| Concept | Translates differently |
|---|---|
| Shared folder | Drive "Shared with me" ≠ Dropbox "Team Folders" ≠ OneDrive "SharePoint" |
| File ID | Drive uses IDs; Dropbox uses paths; S3 uses keys |
| Versioning | S3 explicit enable; Drive automatic; Dropbox 180 days |
| Permissions | S3 ACLs + policies; Drive roles; Dropbox link-based |
Before Any Bulk Operation
- Estimated time calculated (size ÷ bandwidth)
- Rate limits checked for both source AND destination
- Cost estimate including egress + API calls
- Checkpoint/resume strategy for failures
- Verification method defined (checksum, count, spot-check)
安全使用建议
This skill is functionally coherent for multi‑cloud file operations, but exercise caution before providing credentials. Key points: (1) The skill text explicitly uses and suggests storing highly sensitive secrets (AWS keys, GCP JSON, Azure client secrets, OAuth refresh tokens) but the registry entry declares no required envs or provenance—ask the author how credentials are expected to be provided and stored. (2) Prefer using least-privilege service accounts/app-specific keys and short-lived or instance role credentials rather than long-lived root keys. (3) Confirm where refresh tokens or stored credentials would be kept and who/what can access them. (4) Because this is instruction-only (no install), no code will be written by the skill itself, but if you allow the agent to act autonomously it can call provider APIs using any credentials you provide—restrict autonomous invocation if you are uncomfortable. (5) If you need higher assurance, request the skill’s source/homepage or a signed provenance, or run the agent in a restricted environment with only ephemeral credentials and audit logging enabled.
功能分析
Type: OpenClaw Skill
Name: cloud-storage
Version: 1.0.1
The OpenClaw AgentSkills skill bundle for 'cloud-storage' is classified as benign. The `SKILL.md` and supporting documentation (`auth.md`, `costs.md`, `providers.md`) provide comprehensive instructions and best practices for managing cloud storage, including critical security advice regarding authentication, cost awareness, and operational safety. While `auth.md` details how to handle sensitive credentials (e.g., AWS access keys, Google service account keys) via environment variables or CLI commands, it does so in an educational context, explicitly warning about security traps like using root account keys or handling service account keys. There is no evidence of prompt injection, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The content is entirely aligned with the stated purpose of managing cloud files securely and efficiently.
能力评估
Purpose & Capability
The name/description match the content: auth, cost, and provider patterns for S3, GCS, Azure, Backblaze, R2, Drive/Dropbox/OneDrive are all covered. Including consumer providers (Google Drive, Dropbox, OneDrive) is reasonable. The mention of iCloud correctly notes there is no public file API. Overall capability is coherent with purpose.
Instruction Scope
The runtime instructions (auth.md, providers.md) explicitly reference reading and setting environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, GOOGLE_APPLICATION_CREDENTIALS, AZURE_CLIENT_SECRET, etc.), local credential files (~/.aws/credentials, /path/to/key.json), CLI logins (gcloud, az, aws implicit metadata), and storing refresh tokens. The skill manifest lists no required env vars or config paths—SKILL.md therefore accesses sensitive credentials/configuration without declaring them. The instructions do not direct data to unexpected external endpoints beyond the cloud providers, but they do instruct behaviors (storing refresh tokens) that affect sensitive data handling and persistence decisions.
Install Mechanism
Instruction-only skill with no install spec and no code files. This lowers risk from arbitrary code downloads or installation artifacts.
Credentials
The credentials and secrets referenced are directly relevant to cloud storage management (AWS keys, GCP service account JSON, Azure service principal, OAuth refresh tokens). That is proportionate to the stated purpose. However: (1) many different credential types are discussed (broad surface area), (2) the skill does not declare or require any environment variables or a primary credential in its registry metadata, and (3) instructions mention storing refresh tokens without describing secure storage—these are sensitive choices the user should control.
Persistence & Privilege
always:false and no install steps mean the skill does not request forced persistence. As an instruction-only skill it will only act when invoked (or when the agent is allowed to call it). There is no evidence it tries to modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cloud-storage - 安装完成后,直接呼叫该 Skill 的名称或使用
/cloud-storage触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Added When to Use section for consistency
v1.0.0
Initial release
元数据
常见问题
Cloud Storage 是什么?
Manage files across cloud providers with authentication, cost awareness, and multi-provider operations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1872 次。
如何安装 Cloud Storage?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cloud-storage」即可一键安装,无需额外配置。
Cloud Storage 是免费的吗?
是的,Cloud Storage 完全免费(开源免费),可自由下载、安装和使用。
Cloud Storage 支持哪些平台?
Cloud Storage 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。
谁开发了 Cloud Storage?
由 Iván(@ivangdavila)开发并维护,当前版本 v1.0.1。
推荐 Skills