Backup image to StarDots
Automatically back up images to stardots.io cloud storage with secure MD5 authentication and configurable credentials.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 133 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, skill.yaml permissions (network, filesystem), SKILL.md configuration options, and the code all align: the skill uploads image attachments to https://api.stardots.io using an API key/secret and space. It does not request unrelated services or credentials.
Instruction Scope
Runtime instructions and code are narrowly scoped to locating credentials (skill config, env vars, or ~/.config/stardots/config.json), selecting image attachments, generating an MD5 sign, and calling curl via tools.exec to upload the file. One important caveat: the skill will call curl on the attachment.path provided — if an attachment entry points to an arbitrary local path (and is labeled as an image), that file will be uploaded. The skill does not further validate file contents or restrict paths.
Install Mechanism
There is no install spec that downloads remote code; the package contains its own JS/TS files bundled. No external installers or URL downloads are used.
Credentials
The skill does not demand unrelated secrets. It uses API credentials that match its purpose (apiKey, apiSecret, space) via config, env vars (STARDOTS_API_KEY/SECRET/SPACE) or a local config file — these are proportionate to image upload functionality.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request elevated platform-wide privileges beyond network and filesystem access declared in skill.yaml. It does not modify other skills or global configs.
Assessment
Before installing: 1) Verify you trust the publisher (source/homepage are not provided here). 2) Only provide Stardots API credentials you intend to use for image backups (use scoped or revocable keys if possible). 3) Be aware the skill reads ~/.config/stardots/config.json and environment variables; don't place unrelated secrets there. 4) Confirm that attachment paths are controlled by the platform and cannot be crafted to point to sensitive local files (otherwise the skill could upload local files labeled as images). 5) Review the endpoint (https://api.stardots.io) and the support contact in skill.yaml if you need provenance. 6) If you have strict security requirements, review the code locally or run in a sandboxed environment before granting network/filesystem permissions.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download zip20260310latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Stardots Backup
将图像自动备份到 stardots.io 云存储平台
功能特性
- 🔐 自动 MD5 签名认证
- 📤 简单的图像上传
- 📋 支持环境变量或配置文件管理凭证
- 🚀 TypeScript 编写,类型安全
安装
clawhub install stardots-backup
配置
方式一:Skill 配置(推荐)
在 OpenClaw 配置中设置:
{
"stardots-backup": {
"apiKey": "your-api-key",
"apiSecret": "your-api-secret",
"space": "your-space-name"
}
}
方式二:环境变量
export STARDOTS_API_KEY="your-api-key"
export STARDOTS_API_SECRET="your-api-secret"
export STARDOTS_SPACE="your-space-name"
方式三:配置文件
创建 ~/.config/stardots/config.json:
{
"api_key": "your-api-key",
"api_secret": "your-api-secret",
"space": "your-space-name"
}
使用方法
发送图片时附带文字:
- "备份到stardots"
- "上传图片到stardots"
- "stardots备份"
限制
- 速率限制:每分钟 300 次请求
- 文件大小:最大可升级到 30MB
- 文件名长度:最多 170 个字符
链接
许可证
MIT
Files
8 totalSelect a file
Select a file to preview.
Comments
Loading comments…