Aios Transfer File
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent S3 file-transfer tool, but it needs review because its upload script can upload any local path instead of enforcing the promised workspace boundary.
Review before installing. This skill appears intended for legitimate S3-backed file transfer, but only use it when you are comfortable with the configured S3 credentials and ensure the agent uploads only files from the intended workspace.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is mistaken or influenced by malicious instructions, it could upload a local file outside the intended workspace to the outbox bucket.
The upload command accepts a user/agent-supplied source path, copies it, and uploads it to S3 without checking that the source path is inside the declared workspace.
const sourcePath = path.resolve(options.source); ... await copyFile(sourcePath, stagedPath); ... Body: createReadStream(stagedPath)
Only use this skill with explicit file paths you intend to send, and the publisher should enforce that --source is within the task workspace before uploading.
The skill can read and write S3 objects allowed by the configured credentials.
The skill uses S3 credentials from environment variables. That is expected for its purpose, but the registry metadata says no required env vars and no primary credential.
const accessKeyId = readRequiredEnv("AIOS_S3_ACCESS_KEY_ID");
const secretAccessKey = readRequiredEnv("AIOS_S3_SECRET_ACCESS_KEY");Use narrowly scoped S3 credentials limited to the intended inbox/outbox buckets, and declare the required environment variables in metadata.
First use may download and install packages from npm in the skill directory.
The skill may install npm dependencies at runtime if the AWS SDK is missing. This is normal for the declared Node/S3 implementation, but it is not represented as an install spec.
如果依赖缺失,在运行内置脚本前,先在这个 skill 目录执行 `npm install` 本地安装依赖。
Prefer a pinned, reviewed install process such as npm ci from the included lockfile, and make the Node/npm dependency explicit in installation metadata.