ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Keplerjai Oss Uploader

v1.0.0

将本地文件上传到阿里云 OSS 并输出 bindHost 下的可访问 URL。用户提到 OSS 上传、静态资源、keplerjai OSS 时使用。

0· 32·1 current·1 all-time
by任佶@renjicode
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code, README, and SKILL.md implement an Alibaba Cloud OSS uploader (uploads objects, builds public URLs, optionally writes bucket lifecycle). That matches the skill name/description. However the registry metadata lists no required env vars while the runtime clearly requires KEPLERJAI_OSS_ACCESS_KEY_ID, KEPLERJAI_OSS_ACCESS_KEY_SECRET, KEPLERJAI_OSS_ENDPOINT, KEPLERJAI_OSS_BUCKET (and optional lifecycle-related envs). The omission in metadata is an incoherence that reduces transparency.
Instruction Scope
Runtime instructions and scripts are narrowly scoped to: loading .env/config.json, computing an object key, uploading the specified local file via oss2, printing the public URL, and optionally calling PutBucketLifecycle. The skill reads local .env and config.json (expected for config) but does not appear to exfiltrate data to third-party endpoints beyond the OSS endpoint supplied by the user.
Install Mechanism
No external download/install spec is present; the bundle is instruction+code that depends on the oss2 Python package (requirements.txt). This is a low-to-moderate risk pattern (pip install from requirements is expected). There are no suspicious external URLs or extracted archives.
!
Credentials
The skill legitimately requires sensitive credentials (AccessKey ID/Secret) and endpoint/bucket configuration. That is expected for an OSS uploader, but the skill did not declare these required env vars in the registry metadata. Also the scripts can call PutBucketLifecycle (modifying bucket lifecycle) which requires additional RAM permissions; the need for that privilege should be explicit and limited. Users should ensure least-privilege keys (PutObject, possibly GetObject, and only lifecycle permissions if needed) rather than broad or admin credentials.
!
Persistence & Privilege
This skill sets always:true in SKILL.md/metadata. always:true causes the skill to be force-included in every agent run, which increases blast radius when combined with access to cloud credentials and the ability to modify bucket lifecycle. There is no clear justification for always:true for a user-invoked uploader; this is a meaningful privilege escalation risk.
What to consider before installing
This package appears to be a legitimate OSS uploader, but note two red flags: (1) the registry metadata does not declare the required secret environment variables even though the scripts require AccessKey ID/Secret, endpoint and bucket; (2) the skill is marked always:true which will include it in every agent run. Before installing: only provide credentials via secure secret injection (SecretRef or environment secrets), use least-privilege AccessKey (scope to PutObject and minimal additional permissions; only grant lifecycle permissions if you intend to use that feature), test with --dry-run first, avoid placing secrets in chat or .env in shared repos, and consider removing or disabling always:true so the skill runs only when explicitly invoked. Also verify the skill source/origin (it's listed as unknown) and rotate keys if they were exposed while testing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📤 Clawdis
Binspython
latestvk974h2f2ycx33zda0bzavteay185143g
32downloads
0stars
1versions
Updated 2d ago
v1.0.0
MIT-0
任佶@renjicode
latest
Download

keplerjai OSS 上传(技能摘要)

详细说明、环境变量表、安全与 OpenClaw 配置示例见同目录 README.md(人读文档;本文件刻意保持短小以降低技能加载 token)。

环境变量前缀

必填:KEPLERJAI_OSS_ACCESS_KEY_IDKEPLERJAI_OSS_ACCESS_KEY_SECRETKEPLERJAI_OSS_ENDPOINTKEPLERJAI_OSS_BUCKET。其余见 README.mdconfig.example.envconfig.json 可补全非密钥项(skill_config 合并,shell 已设变量优先)。

上传命令({baseDir} 为本技能根目录)

pip install -r "{baseDir}/requirements.txt"
python "{baseDir}/scripts/upload_to_oss.py" "/path/to/file.png"

常用:--flat 扁平随机名;-k 指定对象键;--dry-run 仅打印 key/URL;--sync-lifecycle 上传后写入生命周期(需天数配置与 RAM 权限)。

Agent 要点

  1. 密钥只经 env / SecretRef 注入,不写进对话与 SKILL 正文
  2. 上传成功后把脚本输出的 public_url 给用户。
  3. 生命周期运维:python "{baseDir}/scripts/put_bucket_lifecycle.py"(详见 README.md)。

OpenClaw

skills.entries 中使用键名 keplerjai-oss-uploader,与 name 字段一致;env 键名与上表 KEPLERJAI_OSS_* 一致。完整 JSON 片段见 README.md

返回形式

可读文件名的方式返回文件下载链接

Comments

Loading comments...