
Hippius Storage

Author: maxquick · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 850
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install hippius
Description
Hippius decentralized storage on Bittensor Subnet 75 — upload files, query storage, manage buckets via S3-compatible API. Use when user asks to upload to Hippius, check storage status, set up Hippius credentials, list buckets/files, or asks about IPFS vs S3 options.
Usage instructions (SKILL.md)

Hippius Storage

Hippius is decentralized cloud storage on Bittensor SN75 with S3-compatible API.

Recommended path: S3 endpoint (s3.hippius.com) — the public IPFS node is deprecated.

Quick Reference

| Key | Value |
|---|---|
| S3 Endpoint | https://s3.hippius.com |
| S3 Region | decentralized |
| Access Key Format | hip_xxxxxxxxxxxx |
| Console | console.hippius.com |
| Python CLI | pip install hippius (requires self-hosted IPFS node) |

Setup

  1. Get S3 credentials from console.hippius.com → Settings → API Keys
  2. Set environment variables:
    export HIPPIUS_S3_ACCESS_KEY="hip_your_access_key"
    export HIPPIUS_S3_SECRET_KEY="your_secret_key"
    
  3. Test: aws --endpoint-url https://s3.hippius.com --region decentralized s3 ls

Common Operations

Upload

aws --endpoint-url https://s3.hippius.com --region decentralized \
    s3 cp <file> s3://<bucket>/<key>

Download

aws --endpoint-url https://s3.hippius.com --region decentralized \
    s3 cp s3://<bucket>/<key> <local_path>

List buckets

aws --endpoint-url https://s3.hippius.com --region decentralized s3 ls

List objects

aws --endpoint-url https://s3.hippius.com --region decentralized s3 ls s3://<bucket>/ --recursive

Create bucket

aws --endpoint-url https://s3.hippius.com --region decentralized s3 mb s3://<bucket>

Sync directory

aws --endpoint-url https://s3.hippius.com --region decentralized \
    s3 sync ./local-dir/ s3://<bucket>/remote-dir/

Python (boto3)

import boto3
import os

s3 = boto3.client(
    's3',
    endpoint_url='https://s3.hippius.com',
    aws_access_key_id=os.environ['HIPPIUS_S3_ACCESS_KEY'],
    aws_secret_access_key=os.environ['HIPPIUS_S3_SECRET_KEY'],
    region_name='decentralized'
)

# Upload
s3.upload_file('local.txt', 'my-bucket', 'remote.txt')

# Download
s3.download_file('my-bucket', 'remote.txt', 'downloaded.txt')

# List
for obj in s3.list_objects_v2(Bucket='my-bucket').get('Contents', []):
    print(f"{obj['Key']} ({obj['Size']} bytes)")

Scripts

  • scripts/query_storage.py — Query S3 buckets/objects and RPC account info

Usage:

# List S3 buckets
python scripts/query_storage.py --s3-buckets

# List objects in bucket
python scripts/query_storage.py --s3-objects my-bucket

# Query blockchain credits (requires account address)
python scripts/query_storage.py --account 5Grwva... --credits

References

  • references/storage_guide.md — S3 vs IPFS comparison, code examples (Python, JS)
  • references/cli_commands.md — hippius CLI reference (requires self-hosted IPFS node)

Troubleshooting

"Public store.hippius.network has been deprecated"

Use S3 instead. The hippius CLI's IPFS commands require a self-hosted IPFS node.

S3 auth errors

  • Access key must start with hip_
  • Region must be decentralized (not us-east-1)
  • Endpoint must be https://s3.hippius.com

Security usage recommendations
This skill appears to implement Hippius S3 and blockchain queries, but exercise caution before installing or using it:

  1. Metadata vs behavior mismatch — the package metadata does not declare the HIPPIUS_S3_ACCESS_KEY / HIPPIUS_S3_SECRET_KEY credentials (those are required by the included docs and script). Treat that omission as a signal to verify the publisher and source.
  2. Sensitive seed guidance — the docs show storing a substrate seed phrase in ~/.hippius/config.json; never paste your mnemonic into third-party tools or store it in plaintext unless you fully trust the code and environment.
  3. Verify endpoints and TLS (s3.hippius.com, api.hippius.io, console.hippius.com) and confirm these are legitimate official endpoints (the skill source is unknown).
  4. Use least-privilege API keys: create keys restricted to the minimal S3 actions needed (avoid using an account-level key).
  5. If you must test, run the scripts in an isolated environment (container or VM) and inspect the code yourself; ask the publisher for a Git repository or signing info.

If you cannot verify the origin or the credentials handling, treat this as untrusted and avoid entering seed phrases or high-privilege keys.
Functional analysis
Type: OpenClaw Skill Name: hippius Version: 1.0.1 The skill bundle is classified as suspicious due to a shell injection vulnerability in `scripts/query_storage.py`. The script constructs `aws s3` commands using `subprocess.run` where the `bucket` and `prefix` arguments are taken directly from command-line input without sanitization. An attacker controlling these inputs could inject arbitrary shell commands, leading to Remote Code Execution (RCE) on the system running the script. These injected commands would execute with the `HIPPIUS_S3_ACCESS_KEY` and `HIPPIUS_S3_SECRET_KEY` environment variables, potentially compromising credentials or performing unauthorized actions.
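The hardening this finding calls for, as an added example that is not code from the skill or its publisher: validate the bucket name and pass `aws` an argument list so no shell re-parses user input. The function names and the interpolated-string shape of the flagged pattern are assumptions, since the page does not show `scripts/query_storage.py`; the sample inputs are constructed.

```python
import re
import subprocess

ENDPOINT = "https://s3.hippius.com"   # from the skill's Quick Reference
REGION = "decentralized"

# S3 bucket naming rule: 3-63 chars of lowercase letters, digits, '.', '-',
# beginning and ending with a letter or digit.
_BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def unsafe_command_string(bucket, prefix=""):
    """Assumed shape of the flagged pattern: user input interpolated into one
    string that a shell would later parse. Built for comparison, never run."""
    return (f"aws --endpoint-url {ENDPOINT} --region {REGION} "
            f"s3 ls s3://{bucket}/{prefix}")


def validate_bucket(name):
    if not _BUCKET_RE.fullmatch(name):
        raise ValueError(f"invalid bucket name: {name!r}")
    return name


def validate_prefix(prefix):
    # Keys may legitimately contain spaces or punctuation; only control
    # characters (including NUL, which argv cannot carry) are refused.
    if any(ord(c) < 32 or ord(c) == 127 for c in prefix):
        raise ValueError("control character in prefix")
    return prefix


def build_ls_argv(bucket, prefix=""):
    """Hardened form: one argv element per argument, so no shell ever
    re-parses the user-supplied text."""
    target = f"s3://{validate_bucket(bucket)}/{validate_prefix(prefix)}"
    return ["aws", "--endpoint-url", ENDPOINT, "--region", REGION,
            "s3", "ls", target, "--recursive"]


def run_ls(bucket, prefix=""):
    # shell=False is already the default for a list argv; stated for emphasis.
    return subprocess.run(build_ls_argv(bucket, prefix), shell=False,
                          check=True, capture_output=True, text=True).stdout
```

With the list form, shell metacharacters in a prefix reach `aws` as literal bytes of a single argument, and a bucket value containing anything outside the naming rule is rejected before a process is spawned.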
Capability assessment
Purpose & Capability
The skill's name/description match the included instructions and the script: S3 operations against s3.hippius.com and RPC calls to api.hippius.io are coherent with a Hippius storage helper. The provided CLI and Python examples align with S3 and optional IPFS usage.
Instruction Scope
SKILL.md and references instruct the agent and user to use AWS CLI/boto3/hippius CLI and to set environment variables for S3 keys; they also include commands and a script to call an RPC API. The docs include guidance to store a substrate seed phrase in the hippius CLI config (~/.hippius/config.json) for blockchain ops — that is within the skill's stated blockchain-related functionality but is sensitive and expands the scope to key/seed management.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-plus-bundled-script only. It invokes local tools (aws, python) but does not pull arbitrary archives or run remote installers — low install risk.
Credentials
The manifest lists no required env vars or primary credential, but the SKILL.md and scripts clearly require HIPPIUS_S3_ACCESS_KEY and HIPPIUS_S3_SECRET_KEY (and the aws CLI or boto3). References also show commands to store a twelve-word seed in ~/.hippius/config.json. The metadata omission (no declared credentials) is an incoherence; the skill legitimately needs S3 keys for S3 ops, but guidance to store seed phrases in config is high-sensitivity and should be highlighted and handled with strong warnings.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare system-wide persistence. It only runs user-invoked scripts and makes network calls — normal for this capability.
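How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install hippius
  3. Once installed, invoke the Skill by name or trigger it with /hippius
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history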
v1.0.1
Removed x402 payment integration to resolve security scanner false positive. Core S3 storage functionality only.
v1.0.0
Initial release: S3 storage operations, x402 USDC micropayments support
Metadata
Slug hippius
Version 1.0.1
License
Total installs 0
Current installs 0
Number of versions 2
Frequently asked questions

What is Hippius Storage?

Hippius decentralized storage on Bittensor Subnet 75 — upload files, query storage, manage buckets via S3-compatible API. Use when user asks to upload to Hippius, check storage status, set up Hippius credentials, list buckets/files, or asks about IPFS vs S3 options. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 850 total downloads to date.

How do I install Hippius Storage?

Run the command "/install hippius" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Hippius Storage free?

Yes, Hippius Storage is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Hippius Storage support?

Hippius Storage runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Hippius Storage?

Developed and maintained by maxquick (@maxquick); the current version is v1.0.1.
