Aliyun Oss

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the configured Aliyun key has broad permissions, the skill can upload and list objects using that account authority.

Why it was flagged

The skill reads local Aliyun AccessKey credentials and uses them to authenticate to OSS. This is expected for an OSS uploader, but it grants cloud-storage authority and the registry metadata does not declare a primary credential or required config path.

Skill content

def __init__(self, config_path: str = "/root/.openclaw/aliyun-oss-config.json"):
    ...
    self.auth = oss2.Auth(auth_config['access_key_id'], auth_config['access_key_secret'])

Recommendation

Use a dedicated RAM user with only the needed OSS permissions and bucket or prefix scope, protect the config file with strict permissions, and rotate keys regularly.

What this means

Files provided to the skill leave the local environment and may become accessible through OSS links or public object ACLs.

Why it was flagged

The core tool uploads the supplied local file to OSS and has an optional public-read mode. This matches the stated purpose, but it can expose local data if invoked on the wrong file or with public access enabled.

Skill content

with open(local_file, 'rb') as f:
    self.bucket.put_object(oss_key, f)
...
if public_read:
    self.bucket.put_object_acl(oss_key, oss2.OBJECT_ACL_PUBLIC_READ)

Recommendation

Only invoke the skill on files intended for upload, avoid public_read unless explicitly needed, and prefer short-lived presigned URLs over public objects.

What this means

Users may need to install dependencies manually, and installing unpinned packages from an untrusted source can introduce supply-chain risk.

Why it was flagged

The documentation names external Python dependencies, but the install spec is empty and no pinned versions or lockfile are provided. The artifacts do not show automatic installation or a malicious source.

Skill content

**Dependencies**: `oss2`, `requests`

Recommendation

Install dependencies from trusted package indexes, pin versions where possible, and prefer a future skill release with an explicit install spec or lockfile.

What this means

A user could mistakenly assume every shared URL from the OpenClaw media path is a temporary signed link, when this handler may only provide a standard bucket URL.

Why it was flagged

The media handler returns a standard OSS URL and tells the user to generate a temporary link manually, while the skill description emphasizes temporary link generation. This appears to be a functionality mismatch rather than deception.

Skill content

standard_url = f"https://{bucket_name}.{endpoint}/{oss_key}"
...
# The user-facing message below reads: "Please generate a temporary access link via the OSS console (valid for 1 hour)"
"请通过OSS控制台生成临时访问链接(1小时有效)"

Recommendation

Verify whether returned links are presigned and time-limited before sharing sensitive files; maintainers should make the media handler use the generated presigned URL or clarify the documentation.