ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

tencent-cos-ops

v1.0.0

腾讯云COS对象存储操作工具,用于上传、下载、列举和删除COS中的文件。触发场景: (1) 用户需要将本地文件上传到腾讯云COS对象存储 (2) 用户需要从COS下载文件到本地 (3) 用户需要按月管理COS中的文件(自动按YYYY/MM/前缀组织) (4) 用户需要列出或删除COS中的文件 (5) 用户提到"腾...

0· 87·0 current·0 all-time
by@henrybit

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for henrybit/tencent-cos-ops.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "tencent-cos-ops" (henrybit/tencent-cos-ops) from ClawHub.
Skill page: https://clawhub.ai/henrybit/tencent-cos-ops
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tencent-cos-ops

ClawHub CLI

Package manager switcher

npx clawhub@latest install tencent-cos-ops
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is a COS upload/download/list/delete tool and the included Python script implements those operations using the Tencent COS SDK — this is consistent with the name/description. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and script clearly require COS_SECRET_ID, COS_SECRET_KEY, COS_BUCKET (and optionally COS_REGION).
Instruction Scope
The SKILL.md instructs how to set COS env vars, run the script, and call its functions. The instructions stay within the stated scope (file upload/download/list/delete) and do not ask the agent to read unrelated system files or to contact external endpoints other than COS.
Install Mechanism
No install spec is provided. The code depends on an external package (cos-python-sdk-v5) but the skill does not include an automated install step. This is a packaging omission (user/agent must pip install the dependency); it increases friction but is not by itself malicious.
Credentials
The script legitimately requires Tencent COS credentials (SecretId/SecretKey), bucket name, and region. Those credentials are proportionate to the functionality. The problem is that the skill metadata did not declare these required environment variables/primary credential, so automated permission review or prompts may be missing or misleading.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not attempt to modify other skills or global agent configuration.
What to consider before installing
This skill appears to do exactly what it says (upload/download/list/delete files in Tencent COS). Before installing: (1) be aware you must provide COS_SECRET_ID and COS_SECRET_KEY plus COS_BUCKET (and optionally COS_REGION) — these are sensitive credentials; prefer an IAM/role or least-privilege key scoped to the target bucket. (2) The package metadata did not declare these environment variables or the Python dependency (cos-python-sdk-v5), so your agent or installer may not prompt for them automatically. (3) Review the bucket name and test with a limited-permission credential in an isolated environment. (4) If you want stricter safety, request the publisher to update metadata to declare required env vars and add an install step for the dependency so automated tooling can surface the credential request.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bcqnz61hf2n7fw2g2ahv05d83z1z9
87downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@henrybit
latest
Download

Tencent COS 操作

腾讯云COS对象存储操作工具,支持文件上传、下载、列表和管理。

环境配置

使用前需要设置以下环境变量:

export COS_SECRET_ID="你的SecretId"
export COS_SECRET_KEY="你的SecretKey"
export COS_REGION="ap-beijing"  # COS地域
export COS_BUCKET="examplebucket-1250000000"  # Bucket名称

快速使用

上传文件(按月自动管理)

python scripts/cos_ops.py upload /path/to/file.txt

默认按当前月份 YYYY/MM/filename 格式存储,例如 2024/03/report.pdf

指定目录上传

python scripts/cos_ops.py upload /path/to/file.txt --key "myfolder/report.pdf"

高级上传(分块上传,适合大文件)

python scripts/cos_ops.py upload /path/to/largefile.zip --advanced --part-size 10 --threads 20

下载文件

python scripts/cos_ops.py download "2024/03/report.pdf" /local/path/report.pdf

列出文件

# 列出所有文件
python scripts/cos_ops.py list

# 按前缀筛选
python scripts/cos_ops.py list --prefix "2024/03/"

# 指定bucket
python scripts/cos_ops.py list --prefix "logs/" --bucket "my-bucket-1250000000"

删除文件

python scripts/cos_ops.py delete "2024/03/report.pdf"

Python脚本使用

在Python代码中直接调用:

from cos_ops import upload_file, download_file, list_objects, delete_object

# 上传文件(自动按月管理)
upload_file('/path/to/file.txt')

# 指定对象键
upload_file('/path/to/file.txt', cos_key='custom/path/file.txt')

# 下载文件
download_file('2024/03/report.pdf', '/local/save/report.pdf')

# 列出文件
list_objects(prefix='2024/03/')

# 删除文件
delete_object('2024/03/report.pdf')

按月文件管理

脚本默认使用当前年月作为存储前缀,实现按月管理:

  • 上传文件自动存储到 YYYY/MM/ 目录下
  • 例如:2024年3月上传的 report.pdf 会存储为 2024/03/report.pdf

API参考

详细API文档请查看 references/cos_api.md

常用API

方法说明
upload_file()简单上传,文件流方式
upload_file_advanced()高级上传,自动分块
download_file()下载文件到本地
list_objects()列出对象
delete_object()删除单个对象

版本

版本日期更新内容
1.0.02026-03-31初始版本,支持上传、下载、列举、删除功能,按月文件管理

Comments

Loading comments...