ClawHub

Cloudinary

v1.0.0

Cloudinary — manage images/videos, upload, transform, and search assets via REST API

0· 365·1 current·1 all-time
by@aiwithabidi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env vars (CLOUDINARY_API_KEY, CLOUDINARY_API_SECRET, CLOUDINARY_CLOUD_NAME), and implemented endpoints map correctly to Cloudinary REST actions (list, upload, delete, search, folders, transformations, usage, presets).
Instruction Scope
SKILL.md documents env vars and CLI usage, but does not mention that the script will attempt to read a fallback .env file from WORKSPACE or ~/.openclaw/workspace/.env when an env var is unset. That fallback is reasonable for convenience but is not declared in the metadata/instructions.
Install Mechanism
No install spec and the included script uses only the Python standard library. No downloads or external installers are present.
Credentials
Requested environment variables are the standard Cloudinary API key/secret/cloud name. The script only reads these values (with an undocumented .env fallback) and does not require unrelated credentials or paths.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It does not modify other skills or agent-wide configuration.
Assessment
This skill is internally coherent for interacting with Cloudinary and only needs your Cloudinary API key/secret/cloud name. Before installing, consider: 1) it will look for credentials in environment variables and—if not found—will try to read a .env file from WORKSPACE or ~/.openclaw/workspace/.env (this fallback is not documented in SKILL.md); if you keep secrets in a workspace .env, be aware the skill will read it. 2) Review the included scripts/cloudinary.py yourself (it's short and stdlib-only) to confirm you trust the author and that network calls go to api.cloudinary.com. 3) Provide only the minimum-permission API key/secret you need for the tasks you intend, and consider running the skill in an isolated environment if you have sensitive local configs. The script has a few small coding oddities (e.g., an unconventional conditional when reading the secret) but these look like bugs rather than malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cenjyjsc9sz6pn85kjczvp981xys2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
EnvCLOUDINARY_API_KEY, CLOUDINARY_API_SECRET, CLOUDINARY_CLOUD_NAME
Primary envCLOUDINARY_API_KEY

Comments