← 返回 Skills 市场
610
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install oss-upload-online-access
功能描述
Upload files to Aliyun OSS or Tencent COS and return public access URLs. Use when the user wants to upload files, access files online, upload to OSS, get rem...
安全使用建议
This skill appears to implement OSS/COS uploads, but be careful with credentials: do NOT paste AccessKey/Secret into public channels or logs. Prefer injecting credentials via your platform's secure environment-variable mechanism rather than entering them into chat. Before installing, inspect scripts/upload.js (and confirm how it reads credentials — env vars vs local config.json) and run npm install in an isolated environment if possible. Ensure any config.json files are stored with strict filesystem permissions and rotate keys after first use. If the platform demands you paste secrets into a conversation for 'automatic install', ask for an alternative (secure env injection or manual editing of a local config file). If you have low trust in the registry owner, consider creating a least-privilege sub-account or temporary credentials for uploads.
功能分析
Type: OpenClaw Skill
Name: oss-upload-online-access
Version: 1.7.0
The skill bundle provides legitimate functionality for uploading local files or remote URLs to Aliyun OSS or Tencent COS. The SKILL.md contains proactive defensive instructions designed to prevent the AI agent from leaking sensitive cloud credentials (OSS_ALIYUN_* / OSS_TENCENT_*) during a session. The core logic in scripts/upload.js uses official SDKs, implements file size restrictions (100MB), and includes a post-upload verification step via HEAD requests without any evidence of data exfiltration or malicious intent.
能力评估
Purpose & Capability
Name/description match the included code: scripts/upload.js and config.example.json implement OSS/COS uploads using ali-oss / cos-nodejs-sdk. No unrelated credentials or binaries are requested. However registry metadata omits required environment variable declarations (the SKILL.md explains this omission), which makes automated platform scanning flag the package as suspicious — the omission is explainable but reduces transparency to the platform.
Instruction Scope
SKILL.md instructs the agent/user to provide cloud credentials (examples show pasting AccessKey/Secret into chat) or to let OpenClaw write credentials into ~/.openclaw/openclaw.json. It also explicitly forbids the agent from reading/printing config or env vars and says only node scripts/upload.js may read credentials. That restriction is a policy, not a technical enforcement; it relies on correct runtime behavior of the platform/agent and user discipline. Asking users to put secrets into chat or to allow the platform to write them carries risk of secret exposure in logs or transcripts.
Install Mechanism
No automated install spec is included (instruction-only install). package.json declares reasonable OSS/COS libraries (ali-oss, cos-nodejs-sdk-v5, axios). Because installation is manual (npm install), dependencies will be pulled from npm — standard but still a supply-chain risk if those packages are tampered with. There is no remote single-URL binary download (good).
Credentials
The skill requires cloud credentials for Aliyun or Tencent, which is proportionate to its purpose. However the registry metadata intentionally lists no required env vars (to avoid 'both required' blocking), reducing platform visibility. The SKILL.md encourages writing credentials into platform config or pasting in chat; both increase exposure. The script reads a local config.json in the skill directory (CONFIG_PATH), so credential storage location/format must be confirmed: if platform writes creds elsewhere (e.g., ~/.openclaw/openclaw.json) there must be a clear, secure mechanism that injects env vars rather than exposing raw files.
Persistence & Privilege
always is false and the skill is user-invocable only; it does not request permanent system-wide privileges. The SKILL.md mentions the platform may write to ~/.openclaw/openclaw.json — that is platform behavior rather than the skill claiming elevated privilege. No evidence that the skill attempts to modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install oss-upload-online-access - 安装完成后,直接呼叫该 Skill 的名称或使用
/oss-upload-online-access触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.7.0
- 增加“参与贡献”章节,提供了开源仓库地址和贡献说明
- 其余功能和接口文档未变,未检测到其他内容变更
v1.6.0
- 新增腾讯云 COS 可选参数 `OSS_TENCENT_STORAGE_CLASS` / `storageClass`,支持多可用区(MAZ)标准存储类型(如 `MAZ_STANDARD`)。
- 文档更新:腾讯云 COS「配置说明」添加 `storageClass` 字段,并补充说明默认行为及 MAZ 存储情况。
- 其余无功能或行为变更(本次仅文档修订,无代码更新)。
v1.5.0
- 新增「与 OpenClaw 对话安装并配置」说明,支持通过对话直接完成技能安装与凭证写入,无需手动编辑配置文件
- 增加对阿里云和腾讯云凭证通过对话安装的操作范例与安全提醒
- 其余功能、执行命令、隐私安全等无变动
v1.4.1
- 文档新增说明:「OpenClaw 安全扫描器」关于 requires.env 的 Suspicious 标记为预期行为,并解释未在 metadata 声明全部 env 变量的原因。
- 其余功能与规则保持不变,仅完善 readme 文档以减少使用疑惑。
v1.4.0
- Clarified platform preparation steps, distinguishing openclaw.json (OpenClaw / ClawHub) from local config.json setup.
- Updated wording for platform integration recommendations and removed references to ClawHub Skills UI field limitations.
- No functional or behavioral changes to the skill; documentation only.
v1.3.0
**This version clarifies credential configuration steps for OpenClaw/ClawHub users.**
- Added detailed instructions emphasizing that only `OSS_ALIYUN_ACCESS_KEY_ID` is shown in the Skills UI due to platform limitations, but users must manually fill all required environment variables in `openclaw.json`.
- Provided explicit JSON configuration examples for both Aliyun and Tencent Cloud in `openclaw.json`.
- Highlighted recommended workflow for ClawHub users: edit the config file directly instead of relying on the Skills page form.
- No code or functional changes; documentation improvements only.
v1.2.0
- Updated documentation to clarify that only `OSS_ALIYUN_ACCESS_KEY_ID` is shown in ClawHub Skills UI, and all required keys must be filled in `openclaw.json`.
- Improved setup instructions for OpenClaw/ClawHub users, including recommended environment variable configuration.
- No code changes—documentation improvements only.
v1.1.0
- Default provider is now Aliyun OSS; Tencent COS still supported with explicit configuration.
- Updated environment variable requirements and metadata to clarify Aliyun as primary.
- Clarified provider selection: Aliyun takes precedence if both are configured, unless specified otherwise.
- Documentation reorganized for clarity; usage guidance and security constraints remain strict.
- No code or functional changes detected; this is a documentation and config priority update.
v1.0.0
Initial release: Upload files to Aliyun OSS or Tencent COS and return public access URLs, with strict security compliance.
- Supports uploading local files or files from URLs to OSS/COS for online access.
- Strictly enforces credential protection: config/secret keys can only be read by the upload script, never exposed or output in any scenario.
- Validates uploaded file links for public accessibility before returning URLs.
- Supports both Aliyun and Tencent Cloud, with easy configuration via environment variables or config file.
- Comprehensive MIME mapping ensures wide file type support with proper online preview or download.
- Enforces a <100MB per file limit and randomized, safe filenames.
元数据
常见问题
Aliyun OSS or Tencent COS oss upload online access 是什么?
Upload files to Aliyun OSS or Tencent COS and return public access URLs. Use when the user wants to upload files, access files online, upload to OSS, get rem... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 610 次。
如何安装 Aliyun OSS or Tencent COS oss upload online access?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install oss-upload-online-access」即可一键安装,无需额外配置。
Aliyun OSS or Tencent COS oss upload online access 是免费的吗?
是的,Aliyun OSS or Tencent COS oss upload online access 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Aliyun OSS or Tencent COS oss upload online access 支持哪些平台?
Aliyun OSS or Tencent COS oss upload online access 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Aliyun OSS or Tencent COS oss upload online access?
由 Hean Liu(@liuhean2021)开发并维护,当前版本 v1.7.0。
推荐 Skills