Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun OSS or Tencent COS oss upload online access

v1.7.0

Upload files to Aliyun OSS or Tencent COS and return public access URLs. Use when the user wants to upload files, access files online, upload to OSS, get rem...

by Hean Liu (@liuhean2021)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included code: scripts/upload.js and config.example.json implement OSS/COS uploads using ali-oss / cos-nodejs-sdk. No unrelated credentials or binaries are requested. However registry metadata omits required environment variable declarations (the SKILL.md explains this omission), which makes automated platform scanning flag the package as suspicious — the omission is explainable but reduces transparency to the platform.
Instruction Scope
SKILL.md instructs the agent/user to provide cloud credentials (examples show pasting AccessKey/Secret into chat) or to let OpenClaw write credentials into ~/.openclaw/openclaw.json. It also explicitly forbids the agent from reading/printing config or env vars and says only node scripts/upload.js may read credentials. That restriction is a policy, not a technical enforcement; it relies on correct runtime behavior of the platform/agent and user discipline. Asking users to put secrets into chat or to allow the platform to write them carries risk of secret exposure in logs or transcripts.
Install Mechanism
No automated install spec is included (instruction-only install). package.json declares reasonable OSS/COS libraries (ali-oss, cos-nodejs-sdk-v5, axios). Because installation is manual (npm install), dependencies will be pulled from npm — standard but still a supply-chain risk if those packages are tampered with. There is no remote single-URL binary download (good).
Credentials
The skill requires cloud credentials for Aliyun or Tencent, which is proportionate to its purpose. However, the registry metadata intentionally lists no required env vars (to avoid 'both required' blocking), reducing platform visibility. The SKILL.md encourages writing credentials into platform config or pasting them in chat; both increase exposure. The script reads a local config.json in the skill directory (CONFIG_PATH), so the credential storage location and format must be confirmed: if the platform writes credentials elsewhere (e.g., ~/.openclaw/openclaw.json), there must be a clear, secure mechanism that injects env vars rather than exposing raw files.
Persistence & Privilege
The always flag is false and the skill is user-invocable only; it does not request permanent system-wide privileges. The SKILL.md mentions the platform may write to ~/.openclaw/openclaw.json; that is platform behavior rather than the skill claiming elevated privilege. No evidence that the skill attempts to modify other skills or system-wide settings.
What to consider before installing
This skill appears to implement OSS/COS uploads, but be careful with credentials: do NOT paste AccessKey/Secret into public channels or logs. Prefer injecting credentials via your platform's secure environment-variable mechanism rather than entering them into chat. Before installing, inspect scripts/upload.js (and confirm how it reads credentials — env vars vs local config.json) and run npm install in an isolated environment if possible. Ensure any config.json files are stored with strict filesystem permissions and rotate keys after first use. If the platform demands you paste secrets into a conversation for 'automatic install', ask for an alternative (secure env injection or manual editing of a local config file). If you have low trust in the registry owner, consider creating a least-privilege sub-account or temporary credentials for uploads.


Latest version id: vk971jpwa2vh4cqnvn5wey1666x82vjsj
