Internet Archive Skill
v1.0.0搜索、下载、上传并管理 Internet Archive (archive.org) 公开和私有存档项目及其元数据,支持高级查询和文件操作。
⭐ 0· 75·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, SKILL.md, README, and the Python implementation align: searching, downloading, uploading, listing, and metadata operations are implemented by invoking the `ia` CLI. Required capabilities (upload needs IA access keys) match the described purpose.
Instruction Scope
Runtime instructions and the script limit actions to invoking the `ia` CLI and installing it if requested. The SKILL.md directs configuring credentials (~/.config/ia.ini or IA_* env vars) only for upload/modify operations, which is appropriate for this functionality. The skill does not instruct reading unrelated system files or exfiltrating data to third-party endpoints.
Install Mechanism
This is instruction-only with a contained Python script. The provided install paths (uv/pipx/pip) are standard ways to install the `internetarchive` package; there are no direct downloads from untrusted URLs or archives extracted from arbitrary hosts.
Credentials
No registry-level required env vars are declared, and the SKILL.md only documents optional IA_ACCESS_KEY_ID / IA_SECRET_ACCESS_KEY for uploads—these are the minimal, expected credentials for writing to an Internet Archive account. The skill does not request unrelated secrets or broad cloud credentials.
Persistence & Privilege
always:false and no code that attempts to modify other skills or global agent settings. The skill runs on demand and does not request persistent or elevated system privileges.
Assessment
This skill appears coherent for interacting with archive.org, but before installing: (1) only provide IA S3 credentials if you trust the skill and understand uploads will occur under that account; (2) prefer manually running the documented install command (pipx/pip/uv) rather than allowing automatic installs; (3) review the included python file if you have concerns—its subprocess calls invoke the local `ia` CLI (not arbitrary remote endpoints); (4) run in an environment where accidental uploads/downloads won't leak sensitive data (or test with the `test_collection` and non-production keys). If you don't need upload/modify features, you can omit providing credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk977jb2kdy1csxxw80kms972z583t3ye
License
MIT-0
Free to use, modify, and redistribute. No attribution required.