Pywayne Aliyun Oss

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: aliyun-oss-2
Version: 0.1.0

The skill bundle provides a Python toolkit for managing Aliyun OSS, including operations like upload, download, list, delete, copy, and move objects. All described functionalities are standard for a cloud storage management tool. There is no evidence of malicious intent, such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the AI agent in the SKILL.md file. The use of API keys for authenticated access is a legitimate requirement for interacting with cloud services.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If broad OSS credentials are used, the agent could perform write, delete, copy, or move actions within the permitted bucket scope.

Why it was flagged

The skill documents use of Aliyun OSS API credentials for authenticated operations; this is expected for the purpose, but those credentials can authorize cloud-storage changes.

Skill content

    api_key="your_api_key",
    api_secret="your_api_secret"

Recommendation

Use least-privilege OSS credentials limited to the intended bucket and operations, and confirm destructive actions before running them.

What this means

A mistaken or overly broad prefix could remove many files from an OSS bucket.

Why it was flagged

The skill includes a bulk delete-by-prefix operation. This is aligned with OSS file management, but a wrong prefix could delete multiple objects.

Skill content

    oss.delete_files_with_prefix(prefix="temp/")

Recommendation

Ask the agent to list matching keys first and require explicit confirmation before bulk delete or move operations.

What this means

Users may need to install or trust an external package not reviewed in these artifacts.

Why it was flagged

The skill relies on an external Python module, while the provided artifact set has no code files or install specification and the registry lists no source homepage. This is a provenance/completeness gap, not evidence of hidden behavior.

Skill content

    from pywayne.aliyun_oss import OssManager

Recommendation

Verify the Python package source and version before installing or using it with OSS credentials.