← 返回 Skills 市场
keepchen

Backup image to StarDots

作者 keepchen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
317
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install stardots-backup
功能描述
Automatically back up images to stardots.io cloud storage with secure MD5 authentication and configurable credentials.
安全使用建议
Before installing: 1) Verify you trust the publisher (source/homepage are not provided here). 2) Only provide Stardots API credentials you intend to use for image backups (use scoped or revocable keys if possible). 3) Be aware the skill reads ~/.config/stardots/config.json and environment variables; don't place unrelated secrets there. 4) Confirm that attachment paths are controlled by the platform and cannot be crafted to point to sensitive local files (otherwise the skill could upload local files labeled as images). 5) Review the endpoint (https://api.stardots.io) and the support contact in skill.yaml if you need provenance. 6) If you have strict security requirements, review the code locally or run in a sandboxed environment before granting network/filesystem permissions.
功能分析
Type: OpenClaw Skill Name: stardots-backup Version: 1.0.0 The skill is designed to upload images to stardots.io but contains a potential shell injection vulnerability in `src/index.ts` (and `dist/index.js`). It constructs a `curl` command using `tools.exec` by directly embedding configuration values such as `apiKey` and `space` into the command string without sanitization. While the code's behavior aligns with its stated purpose and no clear evidence of intentional malice was found, the use of unsanitized inputs in a shell execution context is a high-risk vulnerability.
能力评估
Purpose & Capability
Name/description, skill.yaml permissions (network, filesystem), SKILL.md configuration options, and the code all align: the skill uploads image attachments to https://api.stardots.io using an API key/secret and space. It does not request unrelated services or credentials.
Instruction Scope
Runtime instructions and code are narrowly scoped to locating credentials (skill config, env vars, or ~/.config/stardots/config.json), selecting image attachments, generating an MD5 sign, and calling curl via tools.exec to upload the file. One important caveat: the skill will call curl on the attachment.path provided — if an attachment entry points to an arbitrary local path (and is labeled as an image), that file will be uploaded. The skill does not further validate file contents or restrict paths.
Install Mechanism
There is no install spec that downloads remote code; the package contains its own JS/TS files bundled. No external installers or URL downloads are used.
Credentials
The skill does not demand unrelated secrets. It uses API credentials that match its purpose (apiKey, apiSecret, space) via config, env vars (STARDOTS_API_KEY/SECRET/SPACE) or a local config file — these are proportionate to image upload functionality.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request elevated platform-wide privileges beyond network and filesystem access declared in skill.yaml. It does not modify other skills or global configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install stardots-backup
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /stardots-backup 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of stardots-backup. - Automatically backs up images to the stardots.io cloud platform - Supports MD5 signature authentication for secure uploads - Flexible credential management via environment variables, config files, or skill config - Written in TypeScript for type safety - Handles simple image upload commands with user-friendly triggers - Rate limits (300/min), file size (up to 30MB), and filename length (170 chars) enforced
元数据
Slug stardots-backup
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Backup image to StarDots 是什么?

Automatically back up images to stardots.io cloud storage with secure MD5 authentication and configurable credentials. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 317 次。

如何安装 Backup image to StarDots?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install stardots-backup」即可一键安装,无需额外配置。

Backup image to StarDots 是免费的吗?

是的,Backup image to StarDots 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Backup image to StarDots 支持哪些平台?

Backup image to StarDots 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Backup image to StarDots?

由 keepchen(@keepchen)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论