Pywayne Aliyun Oss
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Aliyun OSS management guide, but it involves cloud-storage credentials and delete/move operations that users should scope carefully.
Install only if you intend to manage Aliyun OSS buckets. Use limited-scope OSS credentials, verify the external pywayne package source before use, and have the agent list affected objects and get confirmation before delete, move, or bulk-prefix operations.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If broad OSS credentials are used, the agent could perform write, delete, copy, or move actions within the permitted bucket scope.
The skill documents use of Aliyun OSS API credentials for authenticated operations; this is expected for the purpose, but those credentials can authorize cloud-storage changes.
api_key="your_api_key",
api_secret="your_api_secret"Use least-privilege OSS credentials limited to the intended bucket and operations, and confirm destructive actions before running them.
A mistaken or overly broad prefix could remove many files from an OSS bucket.
The skill includes a bulk delete-by-prefix operation. This is aligned with OSS file management, but a wrong prefix could delete multiple objects.
oss.delete_files_with_prefix(prefix="temp/")
Ask the agent to list matching keys first and require explicit confirmation before bulk delete or move operations.
Users may need to install or trust an external package not reviewed in these artifacts.
The skill relies on an external Python module, while the provided artifact set has no code files or install specification and the registry lists no source homepage. This is a provenance/completeness gap, not evidence of hidden behavior.
from pywayne.aliyun_oss import OssManager
Verify the Python package source and version before installing or using it with OSS credentials.