Send Me My Files - R2 upload with short lived signed urls
Advisory: Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured token is broad or compromised, bucket contents could be uploaded, listed, linked, or deleted depending on the token permissions.
The skill requires S3/R2 credentials with object read/write authority so it can upload files and generate links; this is expected for the purpose but grants real cloud-storage authority.
access_key_id: your_access_key
secret_access_key: your_secret_key
...
Permissions: Object Read & Write
Use a bucket-specific token with the minimum needed permissions, keep ~/.r2-upload.yml private, and rotate credentials if you suspect exposure.
An accidental or poorly reviewed tool invocation could upload the wrong local file, delete a bucket object, or create a non-expiring public link.
The exposed tools can upload, list, delete, and create public links for bucket objects. These operations are disclosed and purpose-aligned, but they are mutating/sharing actions.
- `r2_upload` - Upload file and get presigned URL
- `r2_list` - List recent uploads
- `r2_delete` - Delete a file
...
r2-upload /path/to/file.pdf --public
Require clear user intent before uploads, deletes, public links, or long-lived URLs; prefer short presigned links for sensitive files.
The skill could be used to upload very large files, executable content, or overwrite/use unintended object keys if the agent or user supplies unsafe arguments.
The author discloses that uploads are not bounded by size/type/rate controls and that custom object keys are not fully sanitized.
- ⚠️ No file size limits
- ⚠️ No file type restrictions
- ⚠️ No rate limiting
...
- ⚠️ User can still specify custom `key` parameter
Add size limits, file-type policy, key validation, and confirmation for overwrites/deletes if using this in a production or shared environment.
Users have less registry-level provenance and setup guidance for the code they are asked to install and run.
The registry metadata does not provide a source/homepage or install spec even though the included files contain a Node/TypeScript package and onboarding script.
Source: unknown
Homepage: none
...
No install spec — this is an instruction-only skill.
Review the included package files before running pnpm/npm commands, and prefer a published source repository with reproducible installation instructions.
