← 返回 Skills 市场

Doge Oss Upload

Name: Doge Oss Upload
Author: white0dew

作者青玉白露 · GitHub ↗ · v0.1.0

cross-platform ⚠ suspicious

316

总下载

当前安装

版本数

在 OpenClaw 中安装

/install doge-oss-skill

功能描述

Upload a local file to DogeCloud OSS (DogeCloud 对象存储) and return a public URL + metadata. Use when the user asks to “upload to doge/dogecloud”, “生成公网链接”, “把截...

使用说明 (SKILL.md)

Doge Upload Public Info

Use the bundled uploader script to upload a local file with DogeCloud temporary credentials and print machine-readable public access info.

Read references/dogecloud-oss.md when API details are needed.

Quick Start

Export environment variables (camelCase or DOGECLOUD_* both supported):
- accessKey / DOGECLOUD_ACCESS_KEY
- secretKey / DOGECLOUD_SECRET_KEY
- bucket / DOGECLOUD_BUCKET (bucket name or s3Bucket)
- endpoint / DOGECLOUD_ENDPOINT
- publicBaseUrl / DOGECLOUD_PUBLIC_BASE_URL
- prefix / DOGECLOUD_PREFIX
Install dependencies:

python3 -m pip install -U boto3 requests

Run:

python3 scripts/doge_upload_public_info.py ./local/file.jpg

Workflow

Resolve bucket from env/CLI (support bucket name or s3Bucket).
Resolve upload key from --key, otherwise use prefix/\x3Clocal-filename>.
Request temporary credentials from /auth/tmp_token.json using scoped permissions.
Upload file with Boto3 S3 client and returned s3Bucket + s3Endpoint.
Return JSON with upload metadata and public URL candidates.

Output Contract

Return a JSON object with:

bucket, s3_bucket, s3_endpoint, object_key
file metadata (path, size_bytes, md5)
tmp_token metadata (channel, expired_at)
public_info:
- primary_url
- candidates (custom domain, derived test domain, and S3 endpoint style candidate)
- notes

Guardrails

Keep permanent AccessKey/SecretKey on server side only.
Default to OSS_UPLOAD for least privilege; use OSS_FULL only when explicitly required.
If required env vars are missing, fail fast and print a clear reminder listing all missing keys.
Warn that test domains ending with .oss.dogecdn.com can expire (commonly after 30 days).
Prefer --public-base-url when the user requests a production-ready public URL.

Resources

scripts/

scripts/doge_upload_public_info.py: upload and public-info extractor CLI.

references/

references/dogecloud-oss.md: minimal API notes and URL caveats from official docs.

安全使用建议

This appears to be a genuine DogeCloud OSS uploader script, but the package metadata incorrectly omits the env vars and credentials it needs. Before installing or running: (1) review the bundled script yourself (it’s included) and confirm the DogeCloud API host (https://api.dogecloud.com) is correct for your use; (2) do not hand over high-privilege or long-lived keys—create a limited-scope key or use the script’s temporary-token (OSS_UPLOAD) flow with short TTLs; (3) prefer setting only minimally-scoped credentials in a safe environment (server-side if possible) rather than exposing them to an automated agent you don’t fully control; (4) if you plan to let the agent invoke the skill autonomously, be explicit about which credentials will be available to it and consider removing permanent keys from the agent environment; (5) ask the skill author/maintainer to fix the registry metadata to declare required env vars so packaging and permissions are transparent.

功能分析

Type: OpenClaw Skill Name: doge-oss-skill Version: 0.1.0 The skill is designed to upload a local file to DogeCloud OSS. It uses standard Python libraries (boto3, requests) and interacts with the legitimate DogeCloud API (api.dogecloud.com). The script follows good security practices by requesting temporary, scoped credentials for the upload and validating the S3 endpoint. While it reads sensitive API keys from environment variables, this is a standard and expected practice for cloud interaction scripts, and there is no evidence of these keys being exfiltrated or used for any purpose other than interacting with DogeCloud. No malicious execution, persistence mechanisms, or prompt injection attempts were found in any files.

能力评估

⚠ Purpose & Capability

The skill's stated purpose (upload a local file to DogeCloud OSS) matches the included script and instructions: the script calls DogeCloud APIs and uploads via a temporary S3-style token. However the registry metadata claims "Required env vars: none" and "Primary credential: none" while SKILL.md, README, and the script require several environment variables (accessKey/secretKey/bucket/endpoint/prefix/publicBaseUrl). That mismatch is an incoherence in packaging/metadata.

✓ Instruction Scope

Runtime instructions are narrowly scoped to uploading a local file: they read a local file, call DogeCloud API endpoints (https://api.dogecloud.com/*) to list buckets and request a temporary token, and then upload via boto3 to the returned s3Endpoint. The SKILL.md and script do not attempt to read unrelated system files or call unrelated external endpoints.

ℹ Install Mechanism

There is no install spec (instruction-only skill plus a bundled Python script). The SKILL.md instructs installing Python deps with pip (boto3, requests) which is common and expected. Because the package includes an executable script that will be run locally, confirm you trust this specific script before running pip and executing it, but the install mechanism itself is standard and not using arbitrary download URLs.

⚠ Credentials

The credentials and env vars the script requires (accessKey/secretKey/DOGECLOUD_BUCKET/ENDPOINT/PREFIX/ PUBLIC_BASE_URL) are appropriate for uploading to DogeCloud, but the package metadata does not declare them. That omission is problematic because a user or automated system might not realize they will need to provide secrets. Also be careful: the script encourages using permanent AccessKey/SecretKey server-side, but running this locally (or handing these to an agent) will expose permanent credentials unless you follow the temporary-token flow; prefer least-privilege keys and short TTLs.

✓ Persistence & Privilege

The skill does not request permanent platform presence (always:false) and does not modify other skills or global agent settings. It will run as invoked and can be invoked autonomously (default), which is expected for skills; no extra privileges are requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install doge-oss-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /doge-oss-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

- Initial release of the doge-oss-upload skill: easily upload local files to DogeCloud OSS and retrieve a public URL plus metadata. - Supports both camelCase and DOGECLOUD_* environment variables for credentials and configuration. - Provides a command-line uploader script with machine-readable JSON output including public URL, upload metadata, and token info. - Includes clear guardrails for credentials and URL usage to ensure security and proper environment setup. - Offers quick-start instructions, workflow description, and references for API details.

元数据

Slug doge-oss-skill

版本 0.1.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Doge Oss Upload 是什么？

Upload a local file to DogeCloud OSS (DogeCloud 对象存储) and return a public URL + metadata. Use when the user asks to “upload to doge/dogecloud”, “生成公网链接”, “把截... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 316 次。

如何安装 Doge Oss Upload？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install doge-oss-skill」即可一键安装，无需额外配置。

Doge Oss Upload 是免费的吗？

是的，Doge Oss Upload 完全免费（开源免费），可自由下载、安装和使用。

Doge Oss Upload 支持哪些平台？

Doge Oss Upload 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Doge Oss Upload？

由青玉白露（@white0dew）开发并维护，当前版本 v0.1.0。