Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aws S3

v0.2.1

Self-contained AWS S3 SDK bundle for OpenClaw agents

Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the observed behavior: this is a packaged AWS S3 SDK intended for use inside the gateway container. There are no unrelated credentials or binaries requested. However, the package claims to 'bundle' the SDK (no internet required), yet the repository listing here does not include the built dist file (dist/index.cjs) shown in package.json 'files'. This is a mismatch between the stated capability (self-contained bundle) and the provided files.
! Instruction Scope
SKILL.md instructs the operator to curl the GitHub releases API and npm install a release tarball into the gateway container (docker exec npm install <URL> ...). That requires network access contrary to the top-level claim 'No internet access required at install time' (the alternative 'from a downloaded tarball' is accurate, but the primary example uses GitHub). Usage examples rely on process.env.EMAIL_BUCKET_NAME and the AWS SDK default credential chain (IMDS/env vars), which are expected but not declared as requirements.
! Install Mechanism
There is no registry install spec; installation relies on downloading a tarball from GitHub releases (a known host). That's acceptable in general, but given the earlier claim about being self-contained and offline, the absence of dist/index.cjs in the provided file manifest is suspicious: if the release tarball does not actually include the built bundle, installation could fail or unexpectedly pull dependencies/build steps. The release URL approach is moderate risk but not inherently malicious — verify the release contents and checksums before installing.
Credentials
The skill declares no required env vars or primary credential, which aligns with using the AWS SDK default credential chain. However the runtime will use any AWS credentials available to the gateway/container (IMDS, environment variables, or instance profile). This is expected for an S3 SDK, but you should be aware it can access S3 resources permitted to the container's credentials.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request special system or other-skill config paths. It does not request persistent system-wide privileges in the manifest.
What to consider before installing
Key things to check before installing:
(1) Confirm the GitHub release tarball actually contains the pre-built dist/index.cjs (the repo listing here lacks it). If the tarball omits the bundle, installation may attempt to fetch/build dependencies unexpectedly.
(2) Verify the tarball checksum (checksums.txt is provided) and inspect the tarball contents locally before running npm install in the gateway.
(3) Be aware the SDK uses the AWS default credential chain — any AWS credentials available to the gateway (IMDS or env vars) will be usable by this package; apply least-privilege IAM to the gateway role and restrict S3 permissions to only the buckets/operations needed.
(4) If you cannot verify the release archive, install in an isolated/test gateway first.
These inconsistencies look like sloppy packaging rather than overt malice, but they warrant caution.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🪣 Clawdis
OS: Linux
latest: vk977n4qdzj1zf7vnza7vqasx4584ekxp
85 downloads
0 stars
2 versions
Updated 1w ago
MIT-0

AWS S3 Skill

Pre-bundled AWS S3 SDK for use inside the OpenClaw gateway container. All transitive dependencies are bundled. No internet access required at install time.

Installation

Install from the release tarball into the gateway container:

# Find the newest aws-s3 release tag. The GitHub API pretty-prints its JSON,
# so allow whitespace after the colon.
TAG=$(curl -fsSL "https://api.github.com/repos/PanthroCorp-Limited/openclaw-skills/releases" \
  | grep -o '"tag_name":[[:space:]]*"aws-s3/v[^"]*"' | head -1 | cut -d'"' -f4)
VERSION=${TAG#aws-s3/v}
URL="https://github.com/PanthroCorp-Limited/openclaw-skills/releases/download/${TAG}/openclaw-aws-s3-${VERSION}.tgz"
# Install the release tarball inside the gateway container.
docker exec openclaw-gateway npm install "$URL" --prefix /home/node/.openclaw/bin/.npm-global

Or from a downloaded tarball:

docker exec openclaw-gateway npm install /path/to/openclaw-aws-s3-0.1.0.tgz \
  --prefix /home/node/.openclaw/bin/.npm-global
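
A pre-install check for the downloaded-tarball route, as an added example that is not part of the skill's own documentation. The function name `verify_skill_tarball` is hypothetical, and it assumes that checksums.txt uses the `sha256sum` line format and that the tarball follows the npm-pack layout, with the bundle at `package/dist/index.cjs`:

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded skill tarball before installing it.
# Assumptions: checksums.txt uses sha256sum format ("<hex>  <filename>"), and
# the tarball has the npm-pack layout with the bundle at package/dist/index.cjs.

verify_skill_tarball() {
  local tarball="$1" checksums="$2" name expected actual listing
  name=$(basename "$tarball")

  # Look up the expected digest for exactly this file name.
  expected=$(awk -v f="$name" \
    '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$checksums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name" >&2; return 2
  fi

  actual=$(sha256sum "$tarball" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $name" >&2; return 3
  fi

  # List the archive without extracting or running anything from it.
  listing=$(tar -tzf "$tarball") || return 4

  # The package claims to be pre-bundled, so the built file must be present.
  if ! printf '%s\n' "$listing" | grep -qx 'package/dist/index.cjs'; then
    echo "bundle dist/index.cjs missing from $name" >&2; return 5
  fi

  # Lifecycle scripts would run code at install time; surface them for review.
  if tar -xzOf "$tarball" package/package.json \
      | grep -Eq '"(pre|post)?install"[[:space:]]*:'; then
    echo "package.json declares install scripts; review first" >&2; return 6
  fi
  return 0
}

# Usage (paths are placeholders):
#   verify_skill_tarball ./openclaw-aws-s3-0.1.0.tgz ./checksums.txt &&
#     docker exec openclaw-gateway npm install /path/to/openclaw-aws-s3-0.1.0.tgz \
#       --ignore-scripts --prefix /home/node/.openclaw/bin/.npm-global
```

Each failure has its own return code, so a wrapper script can tell a tampered archive (3) from one that lacks the bundle (5).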

Usage

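const { S3Client, ListObjectsV2Command, GetObjectCommand } = require("@openclaw/aws-s3");

// Credentials and region come from the AWS SDK default provider chain.
const client = new S3Client({});

// CommonJS has no top-level await, so the calls run inside an async function.
async function main() {
  const agentName = "agent"; // example value; matches the key fetched below

  // List the objects under this agent's prefix.
  const list = await client.send(new ListObjectsV2Command({
    Bucket: process.env.EMAIL_BUCKET_NAME,
    Prefix: `parsed/${agentName}/`,
  }));

  // Fetch one object and read its body as a string.
  const obj = await client.send(new GetObjectCommand({
    Bucket: process.env.EMAIL_BUCKET_NAME,
    Key: "parsed/agent/email.json",
  }));
  const body = await obj.Body.transformToString();
  return { list, body };
}

main().catch(console.error);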

Authentication

Credentials resolve via the AWS SDK default credential provider chain. In an EC2/ECS environment this uses IMDS (Instance Metadata Service) automatically. Ensure the IMDS hop limit is set to 2 or higher when running inside Docker.

No environment variables are required for authentication. AWS_REGION should be set if the region cannot be inferred from instance metadata.

Important

  • This package bundles @aws-sdk/client-s3 with all transitive dependencies.
  • No network access is needed at install time.
  • The gateway container must have Node.js available.
  • All S3 commands from the SDK are available, not just the ones shown above.
