ClawHub

Pywayne Aliyun Oss

v0.1.0

Manage Aliyun OSS buckets in Python with upload, download, list, read, delete, copy, and move operations supporting authenticated and anonymous access.

0· 571·0 current·0 all-time
by@wangyendt

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wangyendt/aliyun-oss-2.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pywayne Aliyun Oss" (wangyendt/aliyun-oss-2) from ClawHub.
Skill page: https://clawhub.ai/wangyendt/aliyun-oss-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install wangyendt/aliyun-oss-2

ClawHub CLI

Package manager switcher

npx clawhub@latest install aliyun-oss-2
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The described purpose (manage Aliyun OSS with authenticated write and anonymous read) is coherent with the API shown in SKILL.md (endpoint, bucket, api_key/api_secret). However the skill bundle contains no code or install spec for the 'pywayne.aliyun_oss' package it instructs you to import, and the registry metadata lists no required credentials even though write operations require API keys. This mismatch is unexpected.
Instruction Scope
The runtime instructions are narrowly scoped to OSS operations (upload/download/list/delete/copy/move) and reference only OSS endpoints and local file paths. They do not direct reading unrelated system files or sending data to services outside OSS. However the instructions assume availability of a Python package and optional libraries like cv2 (for images) without telling how to install them; they also show passing api_key/api_secret but give no guidance on secure credential storage or environment variables.
!
Install Mechanism
There is no install specification and no code files. SKILL.md expects import of 'pywayne.aliyun_oss', but nothing in the skill provides that module or explains how to obtain it (no pip name, no repository, no instructions). That leaves it unclear whether the agent will attempt to fetch arbitrary third-party code at runtime — an installation step that should be explicit.
!
Credentials
The package metadata declares no required environment variables or primary credential, yet SKILL.md explicitly uses api_key and api_secret for write operations. This mismatch means credentials may be requested ad-hoc at runtime or passed in chat, increasing the risk of accidental secret disclosure. The skill does not request unrelated credentials, but its credential handling is under-specified.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide configuration or cross-skill modifications. It is user-invocable and allows autonomous invocation by default (platform standard), which is expected.
Scan Findings in Context
[NO_CODE_FILES] unexpected: The static scan found no code files to analyze. For an instruction-only skill that documents how to use an existing external Python package this can be okay — but SKILL.md implies the presence of a 'pywayne.aliyun_oss' module while the bundle provides none and gives no install instructions, preventing verification.
What to consider before installing
This skill documents a Python API for Aliyun OSS but contains no code or install instructions and doesn't declare the API credentials it expects. Before installing or using it: 1) ask the publisher for the package source (PyPI name or GitHub repo) and an explicit install command you can review; 2) do not paste your api_key/api_secret into chat — prefer providing credentials via secure environment variables or a secrets manager; 3) verify the package's provenance and review its code (or use the official aliyun OSS SDK) before allowing the agent to pip-install anything; 4) if you need image uploads, confirm dependencies like opencv-python (cv2) are safe to install. These steps will reduce the chance of the agent fetching or running unexpected third-party code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fg4jsgb0p2ge68pesdb8d75815gx8
571downloads
0stars
1versions
Updated 2mo ago
v0.1.0
MIT-0
@wangyendt
latest
Download

Pywayne Aliyun OSS

pywayne.aliyun_oss.OssManager provides a comprehensive toolkit for managing Aliyun OSS (Object Storage Service) buckets.

Quick Start

from pywayne.aliyun_oss import OssManager

# Initialize with write permissions
oss = OssManager(
    endpoint="https://oss-cn-xxx.aliyuncs.com",
    bucket_name="my-bucket",
    api_key="your_api_key",
    api_secret="your_api_secret"
)

# Initialize with read-only (anonymous) access
oss = OssManager(
    endpoint="https://oss-cn-xxx.aliyuncs.com",
    bucket_name="my-bucket",
    verbose=False  # Disable verbose output
)

Upload Operations

Upload a local file

oss.upload_file(key="data/sample.txt", file_path="./sample.txt")

Upload text content

oss.upload_text(key="config/settings.json", text='{"key": "value"}')

Upload an image (numpy array)

import cv2
image = cv2.imread("photo.jpg")
oss.upload_image(key="photos/photo.jpg", image=image)

Upload entire directory

oss.upload_directory(local_path="./local_folder", prefix="remote_folder/")

Download Operations

Download a single file

# Preserve directory structure: downloads/data/sample.txt
oss.download_file(key="data/sample.txt", root_dir="./downloads")

# Use only basename: downloads/sample.txt
oss.download_file(key="data/sample.txt", root_dir="./downloads", use_basename=True)

Download files with prefix

oss.download_files_with_prefix(prefix="photos/", root_dir="./downloads")

Download entire directory

oss.download_directory(prefix="photos/", local_path="./downloads")

List Operations

List all keys in bucket

keys = oss.list_all_keys()  # Returns sorted list

List keys with prefix

keys = oss.list_keys_with_prefix(prefix="data/")

List directory contents (first level only)

contents = oss.list_directory_contents(prefix="data/")
# Returns: [("file1.txt", False), ("subdir", True), ...]

Read Operations

Read file content as string

content = oss.read_file_content(key="config/settings.json")

Check if file exists

if oss.key_exists("data/sample.txt"):
    print("File exists")

Get file metadata

metadata = oss.get_file_metadata("data/sample.txt")
# Returns: {'content_length': 1234, 'last_modified': ..., 'etag': ..., 'content_type': ...}

Delete Operations

Delete a single file

oss.delete_file(key="data/sample.txt")

Delete files with prefix

oss.delete_files_with_prefix(prefix="temp/")

Copy and Move Operations

Copy object within bucket

oss.copy_object(source_key="data/original.txt", target_key="backup/original.txt")

Move object within bucket

oss.move_object(source_key="data/temp.txt", target_key="archive/temp.txt")

Important Notes

  • Write permissions: Upload, delete, copy, and move operations require api_key and api_secret
  • Anonymous access: Omit api_key and api_secret for read-only access
  • Directory handling: OSS doesn't have real directories - use prefixes (keys ending with /)
  • Natural sorting: list_all_keys() and list_keys_with_prefix() use natural sorting by default
  • Verbose output: All methods print status messages when verbose=True (default)

Comments

Loading comments...