ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hippius Storage

v1.0.1

Hippius decentralized storage on Bittensor Subnet 75 — upload files, query storage, manage buckets via S3-compatible API. Use when user asks to upload to Hippius, check storage status, set up Hippius credentials, list buckets/files, or asks about IPFS vs S3 options.

0· 655·0 current·0 all-time
by@maxquick
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description match the included instructions and the script: S3 operations against s3.hippius.com and RPC calls to api.hippius.io are coherent with a Hippius storage helper. The provided CLI and Python examples align with S3 and optional IPFS usage.
Instruction Scope
SKILL.md and references instruct the agent and user to use AWS CLI/boto3/hippius CLI and to set environment variables for S3 keys; they also include commands and a script to call an RPC API. The docs include guidance to store a substrate seed phrase in the hippius CLI config (~/.hippius/config.json) for blockchain ops — that is within the skill's stated blockchain-related functionality but is sensitive and expands the scope to key/seed management.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-plus-bundled-script only. It invokes local tools (aws, python) but does not pull arbitrary archives or run remote installers — low install risk.
!
Credentials
The manifest lists no required env vars or primary credential, but the SKILL.md and scripts clearly require HIPPIUS_S3_ACCESS_KEY and HIPPIUS_S3_SECRET_KEY (and the aws CLI or boto3). References also show commands to store a twelve-word seed in ~/.hippius/config.json. The metadata omission (no declared credentials) is an incoherence; the skill legitimately needs S3 keys for S3 ops, but guidance to store seed phrases in config is high-sensitivity and should be highlighted and handled with strong warnings.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare system-wide persistence. It only runs user-invoked scripts and makes network calls — normal for this capability.
What to consider before installing
This skill appears to implement Hippius S3 and blockchain queries, but exercise caution before installing or using it: 1) Metadata vs behavior mismatch — the package metadata does not declare the HIPPIUS_S3_ACCESS_KEY / HIPPIUS_S3_SECRET_KEY credentials (those are required by the included docs and script). Treat that omission as a signal to verify the publisher and source. 2) Sensitive seed guidance — the docs show storing a substrate seed phrase in ~/.hippius/config.json; never paste your mnemonic into third‑party tools or store it in plaintext unless you fully trust the code and environment. 3) Verify endpoints and TLS (s3.hippius.com, api.hippius.io, console.hippius.com) and confirm these are legitimate official endpoints (the skill source is unknown). 4) Use least-privilege API keys: create keys restricted to the minimal S3 actions needed (avoid using an account-level key). 5) If you must test, run the scripts in an isolated environment (container or VM) and inspect the code yourself; ask the publisher for a Git repository or signing info. If you cannot verify the origin or the credentials handling, treat this as untrusted and avoid entering seed phrases or high-privilege keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk97715aqayk9kqxsjsw3rk8e65813aes

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Hippius Storage

Hippius is decentralized cloud storage on Bittensor SN75 with S3-compatible API.

Recommended path: S3 endpoint (s3.hippius.com) — the public IPFS node is deprecated.

Quick Reference

KeyValue
S3 Endpointhttps://s3.hippius.com
S3 Regiondecentralized
Access Key Formathip_xxxxxxxxxxxx
Consoleconsole.hippius.com
Python CLIpip install hippius (requires self-hosted IPFS node)

Setup

  1. Get S3 credentials from console.hippius.com → Settings → API Keys
  2. Set environment variables: 
    export HIPPIUS_S3_ACCESS_KEY="hip_your_access_key"
export HIPPIUS_S3_SECRET_KEY="your_secret_key"
  3. Test: aws --endpoint-url https://s3.hippius.com --region decentralized s3 ls

Common Operations

Upload

aws --endpoint-url https://s3.hippius.com --region decentralized \
    s3 cp <file> s3://<bucket>/<key>

Download

aws --endpoint-url https://s3.hippius.com --region decentralized \
    s3 cp s3://<bucket>/<key> <local_path>

List buckets

aws --endpoint-url https://s3.hippius.com --region decentralized s3 ls

List objects

aws --endpoint-url https://s3.hippius.com --region decentralized s3 ls s3://<bucket>/ --recursive

Create bucket

aws --endpoint-url https://s3.hippius.com --region decentralized s3 mb s3://<bucket>

Sync directory

aws --endpoint-url https://s3.hippius.com --region decentralized \
    s3 sync ./local-dir/ s3://<bucket>/remote-dir/

Python (boto3)

import boto3
import os

s3 = boto3.client(
    's3',
    endpoint_url='https://s3.hippius.com',
    aws_access_key_id=os.environ['HIPPIUS_S3_ACCESS_KEY'],
    aws_secret_access_key=os.environ['HIPPIUS_S3_SECRET_KEY'],
    region_name='decentralized'
)

# Upload
s3.upload_file('local.txt', 'my-bucket', 'remote.txt')

# Download
s3.download_file('my-bucket', 'remote.txt', 'downloaded.txt')

# List
for obj in s3.list_objects_v2(Bucket='my-bucket').get('Contents', []):
    print(f"{obj['Key']} ({obj['Size']} bytes)")

Scripts

  • scripts/query_storage.py — Query S3 buckets/objects and RPC account info

Usage:

# List S3 buckets
python scripts/query_storage.py --s3-buckets

# List objects in bucket
python scripts/query_storage.py --s3-objects my-bucket

# Query blockchain credits (requires account address)
python scripts/query_storage.py --account 5Grwva... --credits

References

  • references/storage_guide.md — S3 vs IPFS comparison, code examples (Python, JS)
  • references/cli_commands.mdhippius CLI reference (requires self-hosted IPFS node)

Troubleshooting

"Public store.hippius.network has been deprecated" Use S3 instead. The hippius CLI's IPFS commands require a self-hosted IPFS node.

S3 auth errors

  • Access key must start with hip_
  • Region must be decentralized (not us-east-1)
  • Endpoint must be https://s3.hippius.com

External Links

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…