← 返回 Skills 市场
87
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install image-url-qiniu
功能描述
Download an image from a user-supplied HTTP(S) URL and upload it to Qiniu cloud. Use when the user gives an image link and wants it stored on Qiniu (backup,...
使用说明 (SKILL.md)
\r \r
Image URL → Qiniu\r
\r
将公网可访问的图片 URL 拉取到本地内存并上传到七牛对象存储,标准输出末尾会打印 MEDIA_URL: 行(七牛公网地址),与览客/飞书交付约定一致。\r
\r
前置条件(运维)\r
\r
在运行环境的进程环境中配置(勿写入对话或用户资料):\r
\r
| 变量 | 说明 |\r
|------|------|\r
| QINIU_ACCESS_KEY | 七牛 AccessKey |\r
| QINIU_SECRET_KEY | 七牛 SecretKey |\r
| QINIU_BUCKET | 存储空间名 |\r
| QINIU_PUBLIC_BASE_URL | HTTPS 访问基址,如 https://cdn.example.com,不要末尾 / |\r
| QINIU_KEY_PREFIX | 可选,对象名前缀,默认 openclaw/url-import |\r
\r
目标 Bucket 需公开读(或你方自行改用私有空间 + 下载凭证,本脚本仅输出直链)。\r
\r
用法\r
\r
uv run {baseDir}/scripts/url_image_to_qiniu.py --url "https://example.com/path/to/image.png"\r
```\r
\r
可选参数:\r
\r
- `--max-mb N`:单图最大体积(默认 `25`),超限则失败,防止误抓大文件。\r
- `--no-verify-ssl`:下载时关闭 SSL 校验(仅在内网/代理异常时慎用)。\r
- `--timeout SEC`:下载超时秒数(默认 `60`)。\r
\r
## Agent 工作流\r
\r
1. 从用户消息中取得**完整图片地址**(`http://` 或 `https://`)。\r
2. 在技能目录下执行: \r
`uv run {baseDir}/scripts/url_image_to_qiniu.py --url "\x3CURL>"`\r
3. 在输出中查找 **`MEDIA_URL:`** 行,将其后 URL 交给用户;若渠道为飞书,须**另起一行输出完整 URL 纯文本**(与览客规则一致)。\r
4. 若失败:根据脚本 stderr 提示检查 URL 是否可直连、是否为图片、七牛配置与 Bucket 域名。\r
\r
## 合规与安全\r
\r
- 仅处理用户明确提供且有权使用的链接;不要对未授权版权素材主动批量镜像。\r
- 脚本会校验响应 `Content-Type` 为 `image/*` 或部分源站使用的 `application/octet-stream`;后者会按文件头魔数识别 PNG/JPEG/GIF/WebP/BMP。\r
\r
## 输出约定\r
\r
- 成功:打印一行 `MEDIA_URL: https://...`(七牛上的新地址)。\r
- 失败:非零退出码,错误信息在 stderr。\r
安全使用建议
This skill does what it says (downloads a URL and uploads to Qiniu) but two things to check before installing: (1) metadata mismatch — the skill requires QINIU_ACCESS_KEY, QINIU_SECRET_KEY, QINIU_BUCKET, and QINIU_PUBLIC_BASE_URL at runtime but the registry metadata does not advertise these; do not put those secrets into chat, they must be set in the process environment. (2) SSRF and network risk — the script will fetch any provided URL, so avoid passing internal or sensitive endpoints and consider network egress controls or allowlist/denylist checks. Also ensure the 'uv' binary and the script's Python dependencies (requests, qiniu) are available in your environment. Prefer using a dedicated Qiniu account/bucket with limited permissions, consider using signed/private buckets if you need tighter control, and test in an isolated environment first.
功能分析
Type: OpenClaw Skill
Name: image-url-qiniu
Version: 1.0.0
The skill is a legitimate utility for downloading images from a user-provided URL and uploading them to Qiniu cloud storage. The Python script (scripts/url_image_to_qiniu.py) uses standard environment variables for credentials, implements file size limits, and includes content-type sniffing to ensure only images are processed, which mitigates common risks like SSRF or large file attacks. No evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
The code and SKILL.md clearly require QINIU_ACCESS_KEY, QINIU_SECRET_KEY, QINIU_BUCKET, and QINIU_PUBLIC_BASE_URL to function; however the registry metadata lists no required environment variables. That mismatch is incoherent: the skill cannot work without those Qiniu credentials but they are not declared in the metadata/manifest.
Instruction Scope
Runtime instructions tell the agent to fetch arbitrary user-provided http(s) URLs and run the included script. The SKILL.md says only to handle publicly accessible URLs, but the script will happily request any reachable URL — creating a server-side request forgery (SSRF) risk (internal hosts, metadata endpoints, etc.). The instructions also allow disabling SSL verification (a risky option). The agent is told to read environment variables for credentials (which is expected) but those env vars are not declared in the manifest.
Install Mechanism
This is instruction-only with an included Python script; no install spec is provided. The skill requires the 'uv' binary (declared) and the script lists Python packages (requests, qiniu) in comments but does not include an installer. It appears to rely on the runtime environment/'uv' to provide dependencies — verify that 'uv' and the Python dependencies are available. No external download URLs are used.
Credentials
The environment variables the script requires (full Qiniu access key and secret, bucket name, public base URL) are appropriate for uploading to Qiniu, but they are sensitive and should be declared in the skill metadata (they are not). The skill does not request unrelated credentials, but the manifest omission is an important discrepancy.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system modifications or access to other skills' configs. It runs on invocation and does not attempt to persist or escalate privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install image-url-qiniu - 安装完成后,直接呼叫该 Skill 的名称或使用
/image-url-qiniu触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of image-url-qiniu.
- Downloads images from user-supplied HTTP(S) URLs and uploads them to Qiniu cloud storage.
- Outputs a direct Qiniu image link (MEDIA_URL) suitable for backup, CDN, or Feishu/Outlook-safe sharing.
- Supports file size limits, SSL verification toggling, and download timeouts.
- Requires Qiniu credentials and bucket configuration set via environment variables.
- Enforces public-read bucket and basic content-type/magic number validation for images.
- Error messages are provided on failure for troubleshooting.
元数据
常见问题
image-url-qiniu 是什么?
Download an image from a user-supplied HTTP(S) URL and upload it to Qiniu cloud. Use when the user gives an image link and wants it stored on Qiniu (backup,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 87 次。
如何安装 image-url-qiniu?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install image-url-qiniu」即可一键安装,无需额外配置。
image-url-qiniu 是免费的吗?
是的,image-url-qiniu 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
image-url-qiniu 支持哪些平台?
image-url-qiniu 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 image-url-qiniu?
由 lubin1127(@lubin1127)开发并维护,当前版本 v1.0.0。
推荐 Skills