ClawHub

Aliyun Oss Ossutil

v1.0.0

Use when installing, configuring, or operating Alibaba Cloud OSS from the command line with ossutil 2.0, based on the official ossutil overview.

0· 1·0 current·0 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, references, and the included check_ossutil.py all align with providing OSS/ossutil CLI guidance and basic validation. The skill requests no unrelated credentials or system resources.
Instruction Scope
Runtime instructions are limited to installing ossutil, configuring AccessKey/region, running ossutil commands, and saving outputs under output/aliyun-oss-ossutil/. The included Python check script only inspects local skill docs, optionally checks for the ossutil binary, and can call `ossutil --version` if asked. There are no instructions to read unrelated system files or to exfiltrate data.
Install Mechanism
There is no automated install spec in the skill bundle (instruction-only). references/install.md shows downloading official ossutil release zips from gosspublic.alicdn.com (Alibaba's public CDN) and moving the binary to /usr/local/bin with sudo. This is expected for installing a standalone CLI but involves downloading and running a remote binary and requires elevated privileges — users should verify the URL, version, and integrity before running.
Credentials
The skill declares no required env vars. SKILL.md sensibly recommends ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, and optional ALICLOUD_REGION_ID or using the shared credentials file; these are appropriate and proportional for an OSS CLI helper.
Persistence & Privilege
always is false and the skill does not request persistent agent-wide privileges or modify other skills. The check script writes only to the skill's output path. There is no evidence the skill attempts to enable itself or store external tokens.
Assessment
This skill appears coherent and appropriate for helping with Alibaba Cloud OSS via ossutil. Before using: 1) Verify the referenced download URL and prefer the latest official release; check SHA256/signatures if available. 2) Avoid pasting long-lived root/admin AK/SK; use least-privilege RAM users, temporary credentials, or instance roles. 3) Prefer environment variables or credentials files over passing secrets on the command line. 4) Be aware installation requires sudo and places a binary in /usr/local/bin — review the binary before installing. 5) If you allow autonomous agent invocation, note the agent could run ossutil commands on your behalf; ensure credentials scoped to the intended operations only.

Like a lobster shell, security has layers — review code before you run it.

latestvk971sx0pwrqeme6be2h4p4aj5x8433sm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Category: tool

OSS (ossutil 2.0) CLI Skill

Validation

python skills/storage/oss/aliyun-oss-ossutil/scripts/check_ossutil.py --output output/aliyun-oss-ossutil/validate.txt

Pass criteria: command exits 0 and output/aliyun-oss-ossutil/validate.txt is generated.

Output And Evidence

  • Save command outputs, object listings, and sync logs under output/aliyun-oss-ossutil/.
  • Keep at least one upload or listing result as evidence.

Goals

  • Use ossutil 2.0 to manage OSS: upload, download, sync, and resource management.
  • Provide a unified CLI flow for install, config, credentials, and region/endpoint handling.

Quick Start Flow

  1. Install ossutil 2.0.
  2. Configure AK/SK and default region (ossutil config or config file).
  3. Run ossutil ls to list buckets, then list objects using the bucket region.
  4. Execute upload/download/sync or API-level commands.

Install ossutil 2.0

  • See references/install.md for platform-specific install steps.

Configure ossutil

  • Interactive configuration:
ossutil config
  • Default config file paths:
    • Linux/macOS:~/.ossutilconfig
    • Windows:C:\Users\issuser\.ossutilconfig

Main configuration fields include:

  • AccessKey ID
  • AccessKey Secret
  • Region(example default cn-hangzhou; ask the user if the best region is unclear)
  • Endpoint(optional; auto-derived from region if omitted)

AccessKey configuration notes

Use RAM users/roles with least privilege and avoid passing AK in plain text on command line.

Recommended method (environment variables):

export ALICLOUD_ACCESS_KEY_ID="<your-ak>"
export ALICLOUD_ACCESS_KEY_SECRET="<your-sk>"
export ALICLOUD_REGION_ID="cn-beijing"

ALICLOUD_REGION_ID can be used as default region; if unset choose the most reasonable region, ask user if unclear.

Or use the standard shared credentials file:

~/.alibabacloud/credentials

[default]
type = access_key
access_key_id = <your-ak>
access_key_secret = <your-sk>

Command structure (2.0)

  • High-level command example:ossutil config
  • API-level command example:ossutil api put-bucket-acl

Common command examples

ossutil ls
ossutil ls oss://your-bucket -r --short-format --region cn-shanghai -e https://oss-cn-shanghai.aliyuncs.com
ossutil cp ./local.txt oss://your-bucket/path/local.txt
ossutil cp oss://your-bucket/path/remote.txt ./remote.txt
ossutil sync ./local-dir oss://your-bucket/path/ --delete

Recommended execution flow (list buckets first, then objects)

  1. List all buckets
ossutil ls

  1. Get target bucket region from output (e.g. oss-cn-shanghai) and convert it to --region format (cn-shanghai).

  2. When listing objects, explicitly set --region and -e to avoid cross-region signature/endpoint errors.

ossutil ls oss://your-bucket \
  -r --short-format \
  --region cn-shanghai \
  -e https://oss-cn-shanghai.aliyuncs.com
  1. For very large buckets, limit output size first.
ossutil ls oss://your-bucket --limited-num 100
ossutil ls oss://your-bucket/some-prefix/ -r --short-format --region cn-shanghai -e https://oss-cn-shanghai.aliyuncs.com

Common errors and handling

  • Error: region must be set in sign version 4.

    • Cause: missing region configuration.
    • Fix: add region in config file, or pass --region cn-xxx.

  • The bucket you are attempting to access must be addressed using the specified endpoint

    • Cause: request endpoint does not match bucket region.
    • Fix: use endpoint of the bucket region, e.g. -e https://oss-cn-hongkong.aliyuncs.com.

  • Invalid signing region in Authorization header

    • Cause: signature region does not match bucket region.
    • Fix: correct both --region and -e; both must match bucket region.

Credential and security guidance

  • Prefer RAM user AK for access control.
  • CLI options can override config file, but passing secrets on command line has leakage risk.
  • In production, manage secrets via config files or environment variables.

Clarifying questions (ask when uncertain)

  1. Is your target a Bucket or an Object?
  2. Do you need upload/download/sync, or management actions like ACL/lifecycle/CORS?
  3. What are the target region and endpoint?
  4. Are you accessing OSS from ECS in the same region (intranet endpoint may be preferred)?

References

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

Workflow

  1. Confirm user intent, region, identifiers, and whether the operation is read-only or mutating.
  2. Run one minimal read-only query first to verify connectivity and permissions.
  3. Execute the target operation with explicit parameters and bounded scope.
  4. Verify results and save output/evidence files.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…