R2 Storage
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill's behaviour mostly matches its stated purpose, Cloudflare R2 storage management, but some of its scripts execute a local env file as shell code and may operate on an unexpected hard-coded bucket.
Review and preferably edit the scripts before use: remove the source of ~/.config/r2/env, make the bucket explicit or load it from R2_CONFIG, use least-privilege Cloudflare R2 tokens, avoid printing secrets in shared contexts, and use dry-run/confirmation for sync or delete operations.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If that local env file is malformed or poisoned, running the credential display helper could run unintended commands on the user's machine.
The script executes the contents of ~/.config/r2/env as shell code rather than parsing it as data. That file is not created by setup.sh and is not documented in SKILL.md as trusted executable code.
if [[ -f "$ENV_FILE" ]]; then
    source "$ENV_FILE"
fi
Do not source configuration files for this purpose. Parse key/value data safely, document the file format, and restrict permissions on any credential file.
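One way to act on that recommendation, as an added example that is not the skill's or ClawScan's code: read ~/.config/r2/env as KEY=VALUE data, accept only an allowlist of names, refuse world-readable files, and never hand the contents to the shell. The allowlist names R2_ACCOUNT_ID and R2_ACCESS_KEY_ID are assumptions; only R2_BUCKET and R2_SECRET_ACCESS_KEY appear in the reviewed scripts.

```shell
#!/usr/bin/env bash
# Added example (not the reviewed skill's code): load a credential file as data.
set -euo pipefail

# Keys the loader will export; R2_ACCOUNT_ID and R2_ACCESS_KEY_ID are assumed names.
R2_ALLOWED_KEYS="R2_ACCOUNT_ID R2_ACCESS_KEY_ID R2_SECRET_ACCESS_KEY R2_BUCKET"

# A credential file must be private to its owner (mode 600 or 400).
r2_env_perms_ok() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [[ "$mode" == "600" || "$mode" == "400" ]]
}

# Parse FILE line by line. Accepted keys are exported; unknown keys are ignored;
# any line that is not plain KEY=VALUE data makes the function return 1, so a
# value such as $(...) or `...` is never interpreted.
r2_load_env() {
  local file=$1 line key value status=0
  # Conservative value charset: no $, backticks, quotes, ;, |, & or whitespace.
  local kv_re='^([A-Z][A-Z0-9_]*)=([A-Za-z0-9._/:+=-]*)$'
  [[ -f "$file" ]] || { echo "no such file: $file" >&2; return 1; }
  r2_env_perms_ok "$file" || { echo "refusing $file: permissions must be 600" >&2; return 1; }
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -z "$line" || "$line" == \#* ]] && continue   # blanks and comments
    if [[ $line =~ $kv_re ]]; then
      key=${BASH_REMATCH[1]}; value=${BASH_REMATCH[2]}
      case " $R2_ALLOWED_KEYS " in
        *" $key "*) export "$key=$value" ;;          # no eval, no source
        *) echo "ignoring unknown key: $key" >&2 ;;
      esac
    else
      # Report only the key part so a bad value is not echoed into logs.
      echo "rejected line (not KEY=VALUE data): ${line%%=*}" >&2
      status=1
    fi
  done < "$file"
  return $status
}

# Usage: ./r2-env.sh ~/.config/r2/env  (does nothing when run without a path)
if [[ "${BASH_SOURCE[0]}" == "$0" && -n "${1:-}" ]]; then
  r2_load_env "$1"
fi
```

The loader fails closed: a single malformed line is reported and the exit status is non-zero, but the lines that did parse have already been exported, so a caller that checks the status can decide whether to continue.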
A user or agent could delete data from the wrong R2 bucket if the environment variable is not set exactly as the script expects.
Deletion defaults to a hard-coded bucket name when R2_BUCKET is not set, while the skill documentation asks users to provide a bucket in R2_CONFIG. This can target an unexpected bucket.
BUCKET="${R2_BUCKET:-moltbot-storage}"
...
rclone delete "${REMOTE}:${BUCKET}/${PATH}"
Read the bucket from the documented R2_CONFIG/config file, require an explicit bucket for destructive actions, and add confirmation for per-path deletes.
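A delete wrapper shaped by that recommendation, as an added example rather than the skill's own code: no fallback bucket, an empty object path rejected (because `rclone delete remote:bucket/` would empty the whole bucket), a dry run first, and the bucket name typed back as confirmation. The remote name variable R2_REMOTE and its default `r2` are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the reviewed skill's code): explicit-bucket, confirmed delete.
set -euo pipefail

REMOTE="${R2_REMOTE:-r2}"   # rclone remote name; assumed, no default bucket below

# Validate and print the rclone target "remote:bucket/object". Returns 1 when
# the bucket is missing (no hard-coded fallback) or the object path is empty.
# The variable is named "object", not PATH, so the shell's search path is untouched.
r2_delete_target() {
  local bucket=${1:-} object=${2:-}
  [[ -n "$bucket" ]] || { echo "error: bucket must be given explicitly; no default" >&2; return 1; }
  [[ -n "$object" ]] || { echo "error: empty object path would target the whole bucket" >&2; return 1; }
  printf '%s\n' "${REMOTE}:${bucket}/${object}"
}

# Interactive front end. R2_BUCKET is expected from the documented config, never
# defaulted here; the real delete runs only after a dry run and a typed confirmation.
r2_delete() {
  local object=$1 target answer
  target=$(r2_delete_target "${R2_BUCKET:-}" "$object") || return 1
  echo "Dry run for $target:"
  rclone delete --dry-run "$target"
  read -r -p "Type the bucket name (${R2_BUCKET}) to delete for real: " answer
  [[ "$answer" == "$R2_BUCKET" ]] || { echo "aborted, nothing deleted"; return 1; }
  rclone delete "$target"
}

# Usage: R2_BUCKET=example-bucket ./r2-delete.sh logs/2026/a.log
if [[ "${BASH_SOURCE[0]}" == "$0" && -n "${1:-}" ]]; then
  r2_delete "$1"
fi
```

Requiring the operator to type the bucket name rather than a bare "y" is what makes the confirmation catch a wrong R2_BUCKET, which is the failure this finding describes.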
Anyone who can see the command output may be able to use the R2 token according to its Cloudflare permissions.
The skill includes a helper that prints the R2 secret access key. This is disclosed as a credential helper, but it exposes a high-value credential to the terminal or agent transcript.
echo "R2_SECRET_ACCESS_KEY=$SECRET_KEY"
...
echo "Secret Key:"
echo " $SECRET_KEY"
Use least-privilege R2 tokens, avoid running show-creds in shared logs or chats, and rotate the token if it is exposed.
Installing this way trusts the remote installer and network path with administrative access to the machine.
The install instructions run a remotely downloaded script with sudo. This is a common rclone installation pattern and is disclosed, but it gives the installer root-level authority.
curl -fsSL https://rclone.org/install.sh | sudo bash
Prefer a trusted package manager or inspect the installer before running it, and only approve the privileged install if needed.
