ClawHub

Create and manage a sorted directory structure in AWS S3

v1.0.1

Upload many files to S3 with automatic organization by first-character prefixes.

0· 571·0 current·0 all-time
by@6mile-puppet
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (aws), declared env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY), brew install (awscli), SKILL.md, and the included bash script all match the stated goal of uploading files to S3 organized by first-character prefixes.
Instruction Scope
The runtime instructions and script operate only on a user-supplied source directory and a target S3 bucket and invoke aws s3 cp / aws s3 sync. They do not contact other external endpoints. One important behavioral note: the sync/staging flow creates symlinks to the realpath of files and will cause files referenced by symlinks (including files outside the provided directory) to be staged and uploaded — so ensure SOURCE_DIR contains only the intended files.
Install Mechanism
Install uses Homebrew to install the official awscli formula (creates the 'aws' binary). This is a standard, low-risk install method for macOS/homebrew environments.
Credentials
Only AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required, which is appropriate for a tool that calls the AWS CLI. The primaryEnv is set to AWS_ACCESS_KEY_ID. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configs, and contains no mechanism to persist beyond normal installation. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears to do exactly what it claims, but review these practical safety steps before installing or running it: 1) Use least-privilege AWS credentials — grant only the S3 permissions needed (PutObject, List, optionally Delete) and scope them to the target bucket(s). 2) Test with --dry-run and/or a disposable test bucket first to verify behavior. 3) Be aware the staging flow follows symlinks (it creates symlinks to real file paths), so if SOURCE_DIR contains symlinks to sensitive files outside the directory those files may be uploaded — ensure SOURCE_DIR contains only intended files. 4) Confirm the bucket name you pass is correct to avoid accidental data exfiltration. 5) Inspect the script locally before running it in an automated agent context. If you need the agent to run this skill autonomously, consider providing credentials with limited scope and monitoring uploads.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e17k683366khevr13dw5121819k55

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📦 Clawdis
Binsaws
EnvAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
Primary envAWS_ACCESS_KEY_ID

Install

Homebrew
Bins: aws
brew install awscli

Comments