ClawHub

Storacha Upload

v1.3.1

Upload files to IPFS, store on Storacha, upload to decentralized storage, check Storacha status, view storage usage, create Storacha space, switch space, lis...

0· 332·0 current·0 all-time
byAditya@adielliot37
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match required binaries (storacha, node) and the SKILL.md uses the storacha CLI for uploads, listing, spaces, and usage. Asking for an email-only login flow is consistent with the described Storacha auth flow.
Instruction Scope
Instructions correctly focus on running storacha CLI commands and handling file attachments, but they also instruct the agent to auto-create/select spaces and to 'silently' retry/fix missing space issues. This is functionally coherent but grants the agent authority to create resources in the user's Storacha account without explicit confirmation beyond the initial email step — users should be aware of that behavior.
Install Mechanism
No install spec in manifest; SKILL.md recommends installing the official npm package @storacha/cli via npm install -g which is a standard, traceable registry package. No downloads from unknown hosts or extract operations are present.
Credentials
The skill requests no environment variables or secrets. All referenced operations use the storacha CLI and local filesystem (temp files for attachments), which are proportionate to the skill's purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide modifications. The included health-check script and CLI usage affect only the Storacha account and local environment (creating spaces/uploads) which is expected for this functionality.
Assessment
This skill appears to do what it says: it runs the Storacha CLI to upload and manage files on IPFS. Before installing/using it, consider: (1) uploads to IPFS/Storacha are public and effectively permanent — do not upload sensitive data unless you encrypt it first; (2) the agent is instructed to auto-create/select spaces and retry operations silently, which can create resources in your Storacha account (and potentially incur usage/egress); (3) the SKILL.md recommends running npm install -g @storacha/cli — prefer to install CLI tools yourself so you can review and control what is installed; (4) the agent will need access to your filesystem to save attachments and network access to contact Storacha — ensure you trust the environment where the agent runs. If any of these are unacceptable, don't enable the skill or limit its use until you can audit the CLI and confirm acceptable permissions and billing implications.

Like a lobster shell, security has layers — review code before you run it.

latestvk970jas4say6pav1aghgvgys8581x338

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔥 Clawdis
Binsstoracha, node

Comments