ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Huawei Cloud OBS SDK

v1.0.0

华为云 OBS 对象存储 SDK 使用指南。包含 SDK 安装、初始化客户端、文件上传/下载、管理存储桶、管理对象等核心操作的最佳实践和代码示例。使用当需要操作华为云 OBS 对象存储时。

0· 286·1 current·1 all-time
by@idiosyncraticdragon

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for idiosyncraticdragon/huawei-obs-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Huawei Cloud OBS SDK" (idiosyncraticdragon/huawei-obs-skill) from ClawHub.
Skill page: https://clawhub.ai/idiosyncraticdragon/huawei-obs-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install huawei-obs-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install huawei-obs-skill
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description (Huawei Cloud OBS SDK usage) matches the included code and documentation: examples and helper functions operate on OBS. However, the skill metadata declares no required environment variables or primary credential, while the bundled code and SKILL.md expect OBS_AK / OBS_SK (and optionally OBS_SERVER). That omission is inconsistent and may mislead users about what secrets the skill will access.
!
Instruction Scope
SKILL.md and example code limit actions to installing the SDK and performing OBS operations. The runtime code (scripts/obs_utils.py) calls load_dotenv() and reads environment variables OBS_AK and OBS_SK; these runtime actions (reading env vars / .env) are not reflected in the declared metadata. There are no instructions to exfiltrate data or call external endpoints beyond Huawei OBS, and examples warn about security best practices, but the implicit .env loading and env-var usage should be explicitly documented.
Install Mechanism
There is no install spec (instruction-only skill) and included requirements.txt lists huiweicloud-sdk-python-obs and python-dotenv—reasonable, expected dependencies for the stated purpose. No downloads from untrusted URLs or extract steps are present.
!
Credentials
The code expects sensitive credentials (OBS_AK, OBS_SK) and may read a .env file via python-dotenv, but the skill's registry metadata lists no required env vars or primary credential. Requiring secret keys for OBS is proportionate to the skill's function, but failing to declare them is a problematic mismatch that can hide the fact the skill will access secrets.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify other skills or system-wide settings. It only contains helper functions and example usage; no privileged or persistent behaviors were found.
What to consider before installing
This skill appears to be a genuine Huawei OBS SDK guide, but note: the included code reads OBS_AK and OBS_SK (and will load a .env file if present) while the skill metadata declares no required credentials. Before installing or running it, ensure you: (1) don't place production keys in an environment accessible to the agent unless you intend the skill to use them; (2) limit the keys to least privilege and enable rotation; (3) consider running the code in an isolated environment or test account first; (4) ask the publisher/maintainer to update the skill metadata to explicitly list required environment variables (OBS_AK/OBS_SK/OBS_SERVER) so users know what secrets the skill will access; and (5) review the included requirements.txt and code (scripts/obs_utils.py) yourself—there are no other hidden endpoints or suspicious downloads, but the undeclared credential usage is the main coherence issue.

Like a lobster shell, security has layers — review code before you run it.

latestvk974sayz95cqq8jhsft13hce7h82saab
286downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@idiosyncraticdragon
latest
Download

华为云 OBS SDK 使用指南

本技能提供华为云 OBS(对象存储服务)Python SDK 的核心使用方法和最佳实践。

快速开始

1. 安装 SDK

pip install huaweicloud-sdk-python-obs

2. 初始化客户端

from obs import ObsClient

# 初始化 OBS 客户端
obs_client = ObsClient(
    access_key_id='YOUR_ACCESS_KEY',
    secret_access_key='YOUR_SECRET_KEY',
    server='obs.cn-east-3.myhuaweicloud.com'  # 根据实际区域填写
)

3. 关闭客户端

obs_client.close()

核心操作

存储桶管理

参考 references/bucket_operations.md

  • 创建/删除存储桶
  • 存储桶权限配置
  • 存储桶生命周期管理
  • 存储桶跨域配置

对象操作

参考 references/object_operations.md

  • 上传文件/文件夹
  • 下载文件/文件夹
  • 删除/复制/移动对象
  • 列举对象
  • 断点续传
  • 预签名 URL 生成

高级功能

参考 references/advanced_features.md

  • 版本控制
  • 服务器端加密
  • 跨域资源共享 (CORS)
  • 事件通知
  • 生命周期规则

安全最佳实践

  1. 不要硬编码 AK/SK,使用环境变量或配置文件管理
  2. 为 OBS 账户分配最小必要权限
  3. 定期轮换访问密钥
  4. 使用 HTTPS 协议访问 OBS 服务
  5. 敏感数据上传前建议客户端加密

错误处理

try:
    resp = obs_client.putFile('bucket_name', 'object_key', 'local_file_path')
    if resp.status < 300:
        print('上传成功')
    else:
        print(f'上传失败: {resp.errorMessage}')
except Exception as e:
    print(f'操作异常: {e}')

Comments

Loading comments...