aliyun-oss
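v1.0.2
Alibaba Cloud OSS object storage skill. Supports file upload, download, listing, deletion, URL retrieval and other operations. Two-tier architecture: Node.js SDK (preferred) → ossutil CLI.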
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and code align: the skill uses the ali-oss Node.js SDK to upload/download/list/delete/generate URLs for OSS. Declared runtime (node + ali-oss) matches implementation. Minor mismatch: top-level registry metadata lists no required config paths but the runtime scripts expect config/oss-config.json (the code will throw if it does not exist). _meta.json documents the config location but the skill summary/registry entry omitted it.
Instruction Scope
SKILL.md instructs running scripts/setup.sh and node scripts/oss_node.mjs. setup.sh will create/modify config/oss-config.json, set file permissions, and append ALIYUN_* environment variables to the user's shell rc (~/.bashrc or ~/.zshrc). Those persistent changes to the user's shell profile and credential storage are outside a minimal scope for a 'library wrapper' and should be reviewed. Other runtime behavior (reading local files to upload, listing local directories in examples) is consistent with purpose.
Install Mechanism
Install uses the ali-oss npm package (package.json and the install script call npm install). No downloads from untrusted URLs, no extract of arbitrary archives, and no obscure third‑party installers. This is a standard npm dependency installation.
Credentials
The skill legitimately needs OSS credentials (accessKeyId/accessKeySecret) to operate; it stores them in config/oss-config.json and setup.sh optionally exports them into shell environment variables. However the registry metadata listed no required env vars or config paths while the runtime requires the config file — a minor inconsistency. The skill does not request unrelated third-party credentials.
Persistence & Privilege
The installer modifies the user's shell rc file to export ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, ALIYUN_BUCKET, and ALIYUN_REGION. This is a persistent change to the user's environment and increases blast radius if credentials are compromised. always:false (normal) and the skill does not alter other skills, but the shell modification is a notable privilege.
What to consider before installing
This skill appears to implement Alibaba Cloud OSS access and is coherent with that purpose, but take the following precautions before installing:
- Inspect scripts/setup.sh yourself. It will create config/oss-config.json with your AccessKey/Secret and append ALIYUN_* exports to ~/.bashrc or ~/.zshrc. If you prefer, create the config file manually instead of using the installer.
- Use least-privilege IAM credentials (a key with only the required OSS permissions) and consider short‑lived or scoped credentials rather than a full-access long‑lived key.
- Confirm you are comfortable with npm installing the ali-oss package into the skill directory; run npm install in an isolated environment if needed.
- After installing, verify config/oss-config.json permissions (script sets chmod 600) and consider removing exported environment variables from your shell rc if you do not want them persisted.
- If you want to reduce persistence, skip the shell configuration step and only keep creds in a tightly permissioned config file.
Given the shell/profile modification and the metadata mismatch about the config file, review the setup script and config handling before proceeding.
Like a lobster shell, security has layers — review code before you run it.
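A post-install check for the two persistence points named above (the mode of config/oss-config.json and the ALIYUN_* exports appended to the shell rc file), as an added example that is not part of the skill or of the scan output. The function name `audit_oss_skill` and its output format are assumptions.

```shell
# Added example, not part of the skill. audit_oss_skill is a hypothetical
# helper name. Usage: audit_oss_skill <config-file> [rc-file ...]
# Prints one finding per line; exit status 0 means nothing was found.
audit_oss_skill() (
  cfg=$1; shift
  findings=0

  if [ -f "$cfg" ]; then
    # GNU stat first, BSD/macOS stat as the fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    if [ "$mode" != "600" ]; then
      echo "CONFIG_MODE $cfg is $mode, expected 600"
      findings=$((findings + 1))
    fi
  fi

  pattern='^[[:space:]]*export[[:space:]]+ALIYUN_(ACCESS_KEY_ID|ACCESS_KEY_SECRET|BUCKET|REGION)='
  for rc in "$@"; do
    [ -f "$rc" ] || continue
    # Keep only "<line-number> <variable-name>" so secret values are never echoed.
    hits=$(grep -nE "$pattern" "$rc" |
      sed -E 's/^([0-9]+):[[:space:]]*export[[:space:]]+([A-Z_]+)=.*/\1 \2/')
    while read -r n name; do
      [ -n "$n" ] || continue
      echo "RC_EXPORT $rc:$n $name"
      findings=$((findings + 1))
    done <<EOF
$hits
EOF
  done

  [ "$findings" -eq 0 ]
)

# Typical call from the skill directory:
# audit_oss_skill config/oss-config.json "$HOME/.bashrc" "$HOME/.zshrc"
```

Each `RC_EXPORT` line gives the file and line number to delete if the credentials should not persist in the shell profile.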
Runtime requirements
☁️ Clawdis
Bins: node
Install
Install ali-oss Node.js SDK
npm i -g ali-oss
aliyun cloud latest oss storage
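☁️ Alibaba Cloud OSS Skill
Manage Alibaba Cloud object storage via the Node.js SDK / ossutil CLI.
🎯 Execution strategy (two-tier fallback)
| Priority | Tool | Use case |
|---|---|---|
| 1 | Node.js SDK (ali-oss) | Preferred |
| 2 | ossutil CLI | Fallback |
🚀 Quick start
1. Install dependencies
# Enter the skill directory
cd ~/.openclaw/workspace/skills/aliyun-oss-skill
# Run the automatic installer
bash scripts/setup.sh
2. Configure credentials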
bash scripts/setup.sh \
--access-key-id "YOUR_ACCESS_KEY_ID" \
--access-key-secret "YOUR_ACCESS_KEY_SECRET" \
--region "oss-cn-hangzhou" \
--bucket "mybucket"
3. Test the connection
node scripts/oss_node.mjs test-connection
📋 Usage examples
Upload a file
node scripts/oss_node.mjs upload \
--local "/path/to/file.txt" \
--key "uploads/file.txt"
List files
node scripts/oss_node.mjs list --prefix "uploads/" --limit 100
Download a file
node scripts/oss_node.mjs download \
--key "uploads/file.txt" \
--local "/path/to/save.txt"
Delete a file
node scripts/oss_node.mjs delete --key "uploads/file.txt" --force
Get a file URL
# Public bucket
node scripts/oss_node.mjs url --key "uploads/file.txt"
# Private bucket (valid for 1 hour)
node scripts/oss_node.mjs url --key "uploads/file.txt" --private --expires 3600
🔧 Node.js SDK API
| Command | Description |
|---|---|
| upload --local <path> --key <key> | Upload a file |
| download --key <key> --local <path> | Download a file |
| list [--prefix <p>] [--limit <n>] | List files |
| delete --key <key> [--force] | Delete a file |
| url --key <key> [--private] [--expires <s>] | Get a URL |
| stat --key <key> | File information |
| move --src-key <a> --dest-key <b> | Move a file |
| copy --src-key <a> --dest-key <b> | Copy a file |
| test-connection | Test the connection |
⚙️ Configuration file
config/oss-config.json
{
  "accessKeyId": "YOUR_ACCESS_KEY_ID",
  "accessKeySecret": "YOUR_ACCESS_KEY_SECRET",
  "bucket": "mybucket",
  "region": "oss-cn-hangzhou",
  "domain": "https://cdn.example.com"
}
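Common regions:
- oss-cn-hangzhou - China East 1 (Hangzhou)
- oss-cn-shanghai - China East 2 (Shanghai)
- oss-cn-beijing - China North 2 (Beijing)
- oss-cn-shenzhen - China South 1 (Shenzhen)
🐛 Troubleshooting
| Problem | Solution |
|---|---|
| Cannot find module 'ali-oss' | npm install ali-oss |
| 403 Forbidden | Check the AccessKey permissions |
| Connection timeout | Check the region code and the network |
📚 Related links
📄 License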
MIT License
