Send Me My Files - R2 upload with short lived signed urls
Pass. Audited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for uploading files to S3/R2, but it needs cloud write credentials and can upload, delete, and publicly share files, so users should review each action before it runs and keep the credentials tightly scoped.
Install only if you intend to let the agent upload selected local files to your configured S3/R2 bucket. Use a dedicated bucket and least-privilege token, keep the config file private, avoid public links for sensitive data, and confirm any delete, overwrite, long-expiration, or large-file upload.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured token is broad or compromised, bucket contents could be uploaded, listed, linked, or deleted depending on the token permissions.
The skill requires S3/R2 credentials with object read/write authority so it can upload files and generate links; this is expected for the purpose but grants real cloud-storage authority.
access_key_id: your_access_key
secret_access_key: your_secret_key
...
Permissions: Object Read & Write
Use a bucket-specific token with the minimum needed permissions, keep ~/.r2-upload.yml private, and rotate credentials if you suspect exposure.
An accidental or poorly reviewed tool invocation could upload the wrong local file, delete a bucket object, or create a non-expiring public link.
The exposed tools can upload, list, delete, and create public links for bucket objects. These operations are disclosed and purpose-aligned, but they are mutating/sharing actions.
- `r2_upload` - Upload file and get presigned URL
- `r2_list` - List recent uploads
- `r2_delete` - Delete a file
...
r2-upload /path/to/file.pdf --public
Require clear user intent before uploads, deletes, public links, or long-lived URLs; prefer short presigned links for sensitive files.
The skill could be used to upload very large files, executable content, or overwrite/use unintended object keys if the agent or user supplies unsafe arguments.
The author discloses that uploads are not bounded by size/type/rate controls and that custom object keys are not fully sanitized.
- ⚠️ No file size limits
- ⚠️ No file type restrictions
- ⚠️ No rate limiting
...
- ⚠️ User can still specify custom `key` parameter
Add size limits, file-type policy, key validation, and confirmation for overwrites/deletes if using this in a production or shared environment.
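As an added example of the controls this finding and the previous one recommend (size and type policy, key validation, short presigned lifetimes, and confirmation before overwrites, large uploads, long-lived or public links), plus the private-config-file check from the first finding, here is a pre-flight policy check written in TypeScript, the language of the bundled package. It is not the skill's code: every name in it (UploadPolicy, UploadRequest, planUpload, isPrivateMode, EXAMPLE_POLICY) is hypothetical and the thresholds are assumptions. It runs offline on constructed inputs and stops before any call to the storage API.

```typescript
// Added example, not the skill's own code: pre-flight checks a hardened wrapper
// could run before handing a file to r2_upload. All names here are hypothetical.

export interface UploadPolicy {
  maxBytes: number;                       // hard reject above this size
  confirmBytesAbove: number;              // ask the user above this size
  allowedExtensions: ReadonlySet<string>; // lower-case, with dot, e.g. ".pdf"
  maxExpirySeconds: number;               // hard cap on presigned URL lifetime
  confirmExpiryAbove: number;             // ask the user above this lifetime
  defaultExpirySeconds: number;           // used when the caller gives no expiry
  allowPublic: boolean;                   // may a non-expiring public link ever be made
}

export interface UploadRequest {
  localPath: string;     // local file the user asked to upload
  sizeBytes: number;     // measured by the caller (fs.statSync in a real wrapper)
  key?: string;          // optional user-supplied object key (the unsanitized parameter)
  expirySeconds?: number;
  makePublic?: boolean;  // the skill's --public flag
}

export interface UploadPlan {
  ok: boolean;                 // false if any hard rejection applies
  key: string;
  expirySeconds: number;
  needsConfirmation: string[]; // things the agent must confirm with the user first
  errors: string[];
}

const KEY_SEGMENT = /^[A-Za-z0-9._-]+$/; // deliberately strict allow-list (assumption)
const MAX_KEY_LENGTH = 1024;             // S3/R2 object key limit; ASCII-only here, so chars == bytes

// Reject keys that could escape an intended prefix or confuse listing tools.
export function validateKey(key: string): string[] {
  const errors: string[] = [];
  if (key.length === 0) errors.push("key is empty");
  if (key.length > MAX_KEY_LENGTH) errors.push(`key longer than ${MAX_KEY_LENGTH} characters`);
  if (key.startsWith("/")) errors.push("key must not start with '/'");
  if (key.includes("\\")) errors.push("key must not contain backslashes");
  if (/[\x00-\x1f\x7f]/.test(key)) errors.push("key contains control characters");
  for (const seg of key.split("/")) {
    if (seg === "") errors.push("key contains an empty path segment");
    else if (seg === "." || seg === "..") errors.push(`key contains a '${seg}' segment`);
    else if (!KEY_SEGMENT.test(seg)) errors.push(`segment '${seg}' uses characters outside [A-Za-z0-9._-]`);
  }
  return errors;
}

// Safe default key from the local file name: base name only, disallowed
// characters replaced by '_', leading dots dropped so '.' and '..' cannot appear.
export function defaultKeyFor(localPath: string): string {
  const base = localPath.split(/[\\/]/).filter((s) => s.length > 0).pop() ?? "";
  const safe = base.replace(/[^A-Za-z0-9._-]/g, "_").replace(/^\.+/, "");
  return safe.length > 0 ? safe : "upload.bin";
}

export function extensionOf(name: string): string {
  const i = name.lastIndexOf(".");
  return i > 0 ? name.slice(i).toLowerCase() : "";
}

export function planUpload(req: UploadRequest, policy: UploadPolicy, existingKeys: ReadonlySet<string>): UploadPlan {
  const errors: string[] = [];
  const needsConfirmation: string[] = [];
  const key = req.key ?? defaultKeyFor(req.localPath);
  errors.push(...validateKey(key));

  const ext = extensionOf(key.split("/").pop() ?? "");
  if (!policy.allowedExtensions.has(ext)) errors.push(`extension '${ext || "(none)"}' is not allowed`);

  if (req.sizeBytes > policy.maxBytes) errors.push(`file is ${req.sizeBytes} bytes, limit is ${policy.maxBytes}`);
  else if (req.sizeBytes > policy.confirmBytesAbove) needsConfirmation.push(`large upload (${req.sizeBytes} bytes)`);

  const expiry = req.expirySeconds ?? policy.defaultExpirySeconds;
  if (!Number.isInteger(expiry) || expiry <= 0) errors.push("expiry must be a positive whole number of seconds");
  else if (expiry > policy.maxExpirySeconds) errors.push(`expiry ${expiry}s exceeds cap of ${policy.maxExpirySeconds}s`);
  else if (expiry > policy.confirmExpiryAbove) needsConfirmation.push(`long-lived link (${expiry}s)`);

  if (req.makePublic) {
    if (!policy.allowPublic) errors.push("public links are disabled by policy");
    else needsConfirmation.push("link would be public and never expire");
  }
  if (existingKeys.has(key)) needsConfirmation.push(`key '${key}' exists; upload would overwrite it`);

  return { ok: errors.length === 0, key, expirySeconds: expiry, needsConfirmation, errors };
}

// Config-file hygiene for ~/.r2-upload.yml: true only if group and other have no bits.
// A real wrapper would pass fs.statSync(path).mode here.
export function isPrivateMode(mode: number): boolean {
  return (mode & 0o077) === 0;
}

// Assumed thresholds for the example; tune to your own bucket.
export const EXAMPLE_POLICY: UploadPolicy = {
  maxBytes: 100 * 1024 * 1024,
  confirmBytesAbove: 10 * 1024 * 1024,
  allowedExtensions: new Set([".pdf", ".png", ".txt", ".zip"]),
  maxExpirySeconds: 7 * 24 * 3600,
  confirmExpiryAbove: 3600,
  defaultExpirySeconds: 900,
  allowPublic: false,
};

// Constructed sample: the bucket already holds report.pdf, so this plan is ok
// but flags the overwrite for confirmation.
const existing = new Set(["report.pdf"]);
console.log(JSON.stringify(
  planUpload({ localPath: "/home/me/report.pdf", sizeBytes: 2_000_000 }, EXAMPLE_POLICY, existing), null, 2));
```

A wrapper would call planUpload before r2_upload, refuse when ok is false, and put every needsConfirmation item to the user before continuing; existingKeys comes from a listing of the target prefix, and sizeBytes and the mode passed to isPrivateMode come from fs.statSync.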
Users get little registry-level provenance or setup guidance for the code they are asked to install and run.
The registry metadata does not provide a source/homepage or install spec even though the included files contain a Node/TypeScript package and onboarding script.
Source: unknown
Homepage: none
...
No install spec — this is an instruction-only skill.
Review the included package files before running pnpm/npm commands, and prefer a published source repository with reproducible installation instructions.
