zororaka00

Cloudflare R2 CLI

Author: Web3 Hungry · GitHub ↗ · v1.0.6
cross-platform ⚠ suspicious
Total downloads: 531
Favorites: 0
Current installs: 0
Versions: 7
Install in OpenClaw
/install r2-cli
Description
Minimal Python CLI for secure upload, download, list, and delete operations on Cloudflare R2 storage using AWS Signature V4 authentication.
Security usage recommendations
This skill appears to be a straightforward R2 CLI, but be careful: the registry metadata claims no required env vars while the SKILL.md and r2.py require five sensitive environment variables (account ID, access key ID, secret, bucket, region). Before installing or enabling this skill:
- Treat CF_R2_ACCESS_KEY_ID and CF_R2_SECRET_ACCESS_KEY as sensitive credentials and provide them via a secure secret manager or ephemeral environment, not in persistent config or code.
- Confirm the platform/registry entry is updated to declare required env vars so secrets aren't accidentally omitted or exposed by automation.
- Test the script in a non-production environment first (it reads env vars at import and will exit if they are missing).
- Review that the ACCOUNT_ID you supply will result in requests to *.r2.cloudflarestorage.com (the code enforces this host).
- If you need least-privilege, create an access key limited to the specific bucket and operations required.
If the metadata mismatch was intentional or you cannot confirm origin/trustworthiness of the skill source, do not provide production credentials.
Functional analysis
Type: OpenClaw Skill
Name: r2-cli
Version: 1.0.6
The OpenClaw R2 CLI skill is classified as benign. Both the `SKILL.md` documentation and the `r2.py` source code demonstrate a strong focus on security. The skill explicitly uses environment variables for sensitive credentials, employs `defusedxml` for safe XML parsing, and critically, the `_validate_url` function in `r2.py` strictly enforces HTTPS and restricts network communication to only `cloudflarestorage.com` domains. There is no evidence of malicious intent such as data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts against the agent in the markdown instructions. The code is well-structured and adheres to security best practices for interacting with cloud storage.
Capability assessment
Purpose & Capability
The declared purpose (Cloudflare R2 CLI) matches the code and instructions (upload/download/list/delete using AWS SigV4). However the registry metadata at the top of the provided manifest claims no required env vars/binaries while SKILL.md and the code require five sensitive environment variables (account id, access key id, secret, bucket, region). This metadata mismatch is incoherent and could cause automated platforms to mis-handle secrets or permissions.
Instruction Scope
SKILL.md instructs the user to set and verify environment variables and to install defusedxml if missing; those instructions stay within the stated purpose. One operational detail: the code reads required environment variables at import time and exits if they are missing, which means simply loading or invoking the skill without env vars will terminate the process — this is a behavior the runtime should be aware of but is not inherently malicious.
Install Mechanism
This is an instruction-only skill with no install spec and a single Python file. It uses defusedxml (recommended to be pip-installed). No downloads from untrusted URLs or archives are present; installation risk is low.
Credentials
The skill legitimately requires Cloudflare R2 credentials (ACCESS_KEY_ID and SECRET_ACCESS_KEY, account id, bucket). Those sensitive env vars are appropriate for the stated functionality. The concern is the inconsistent registry metadata (claims no required envs) which could hide or misrepresent the need to provide secrets to the runtime. The number and type of env vars requested are otherwise proportionate to the task.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. Model invocation is allowed (default) but combined with the other findings does not by itself raise a privilege concern.
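How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install r2-cli
  3. Once installation completes, call the Skill by name or trigger it with /r2-cli
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history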
v1.0.6
Version 1.0.6
- Added required_env_vars, primaryEnv, and primarySecretEnv entries to the skill metadata for clearer environment variable usage and secret designation.
- No changes to code or functional behavior; documentation updated only.
v1.0.5
- Updated skill version to 1.0.5.
- Added a source attribute pointing to r2.py in the skill metadata.
- Enhanced credential metadata: credentials are now explicitly marked as required, type set to "environment", and credential variables listed.
- No changes made to code or feature set.
v1.0.4
- Updated skill metadata to specify environment variable requirements and descriptions.
- Added security notes and emphasized temporary session use for credentials in environment setup instructions.
- Included recommendations for secure credential management in production environments (e.g., keyring, secret managers).
- Improved clarity and security warnings in documentation.
v1.0.3
- Updated skill name from "cloudflare-r2-cli" to "r2-cli".
- Bumped version number to 1.0.3.
- No code or feature changes in this release—metadata only update.
v1.0.2
- Bumped version to 1.0.2 in skill metadata.
- No functional or file changes detected.
v1.0.1
- Added structured metadata section in SKILL.md, including name, description, version, author, category, tags, runtime, dependencies, and required environment variables.
- No code or functional changes; documentation only.
- Improves discoverability and clarity of skill information.
v1.0.0
Initial release of Cloudflare R2 CLI Skill.
- Provides a minimal Python CLI tool for Cloudflare R2 storage using S3-compatible API.
- Supports secure upload, download, list, and delete of bucket objects.
- Requires only Python 3.11+ and the defusedxml dependency for secure XML parsing.
- Credentials and configuration handled securely via environment variables.
- Enforces HTTPS, hardened HTTP client, and safe XML parsing to follow modern security best practices.
Metadata
Slug r2-cli
Version 1.0.6
License
Total installs 0
Current installs 0
Version count 7
FAQ

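What is Cloudflare R2 CLI?

Minimal Python CLI for secure upload, download, list, and delete operations on Cloudflare R2 storage using AWS Signature V4 authentication. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 531 total downloads so far.

How do I install Cloudflare R2 CLI?

Run the command "/install r2-cli" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Cloudflare R2 CLI free?

Yes, Cloudflare R2 CLI is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Cloudflare R2 CLI support?

Cloudflare R2 CLI runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Cloudflare R2 CLI?

It is developed and maintained by Web3 Hungry (@zororaka00); the current version is v1.0.6.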
