Security scan
OpenClaw
Suspicious
Medium confidence: The package mostly implements an Aliyun OSS uploader as described, but there are inconsistencies (missing declared config/credentials, root-only config path) and a few behaviors (test code reading /etc files, expectation of AK/SK in a config file not declared in metadata) that warrant caution before installing.
Assessment recommendations
This skill appears to implement an Aliyun OSS uploader, but there are several things to verify before installing or using it:
- Credentials & metadata: The code expects AK/SK in a JSON config at /root/.openclaw/aliyun-oss-config.json, but the skill registry metadata does not declare required config paths or a primary credential. Confirm where you will store credentials and ensure the metadata matches.
- Do not put long-lived root credentials in that file. Prefer a RAM user with least privilege ...
⚠ Purpose and capabilities
The code and SKILL.md implement an OSS uploader and presigned-URL generation which matches the name/description. However the skill requires an external config file containing AccessKey ID/Secret (AK/SK) at /root/.openclaw/aliyun-oss-config.json, yet the registry metadata lists no required config paths or primary credential — that mismatch is incoherent. The hardcoded use of a root-scoped path (/root/.openclaw/...) is also unexpected for a user-facing skill.
⚠ Instruction scope
SKILL.md instructs creating a config file with AK/SK and describes CLI and OpenClaw integration only. The code contains test/main routines that reference system files (/etc/hosts, /etc/passwd) — these are not mentioned in the instructions and could read local system files if those test entrypoints are executed. The skill uploads arbitrary local file paths provided to it (expected functionality) but that means any path the agent supplies will be read and sent to OSS, so caller should ensure only intended files are passed.
ℹ Installation mechanism
There is no install spec (instruction-only), which reduces risk from remote installers. The code imports oss2 and requests; missing packages cause the program to exit with a message to pip install them. The package.json exists but there is no pip requirements or installation guidance in SKILL.md beyond the import error message — this is a minor usability gap but not a high install risk.
⚠ Credential requirements
The tool requires AccessKey credentials stored in an external JSON config, but the registry metadata did not declare any required env vars or primary credential. Declaring credentials (or at least required config paths) in metadata would be expected. Also the SKILL.md recommends /root/.openclaw/... which implies writing/reading a root-owned path; this is disproportionate for a user-level skill. security_validator expects an STS token (flags its absence as risky) while sts_manager only supports AK/SK — inconsistency in credential expectations.
✓ Persistence and permissions
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide agent settings, and has no installer that writes new system services. It will read local files passed to it (normal for an uploader).
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest · v1.0.0 · 2026/2/10
Initial release of the Aliyun OSS file upload tool:
- Supports single-file, batch and multipart upload; automatically handles large files (over 100MB) and filename conflicts
- Maximum single-file size of 2GB; files over the limit are rejected automatically
- Presigned temporary URL generation, with default and custom validity periods
- Filename search and upload to a specified OSS directory
- AK/SK authentication with credentials kept in an external file for stronger security
- Detailed sample configuration and command-line usage instructions
- Thorough exception handling and troubleshooting hints
- Depends only on oss2 and requests; production-ready release
● Benign
Install command
Official: npx clawhub@latest install aliyun-oss
Mirror (accelerated): npx clawhub@latest install aliyun-oss --registry https://cn.clawhub-mirror.com
Skill documentation
A secure, efficient tool for file upload and temporary link generation
🎯 Core features
- ✅ Single-file upload: upload a single local file to OSS
- ✅ Batch upload: upload multiple files at once
- ✅ Large-file multipart upload: automatically handles files larger than 100MB
- ✅ Upload to a specified directory: choose the storage path within OSS
- ✅ File size limit: files larger than 2GB are rejected
- ✅ Automatic renaming: avoids filename conflicts (UUID or timestamp strategy)
- ✅ Presigned URL generation: automatically generates temporary access links
- ✅ Custom link validity: options such as 1 hour, 6 hours, 1 day and 7 days
- ✅ File search: find files in OSS by filename
🔒 Security features
- ✅ AK/SK authentication: authenticates with an Aliyun AccessKey
- ✅ Configuration separation: all sensitive information is managed through an external config file
- ✅ Time-limited links: presigned URLs expire automatically, reducing the risk of data leakage
- ✅ File size limit: prevents uploading oversized files
⚙️ Configuration requirements
Create the config file /root/.openclaw/aliyun-oss-config.json:
{
  "endpoint": "oss-cn-shanghai.aliyuncs.com",
  "bucket_name": "your-bucket-name",
  "auth": {
    "access_key_id": "your-access-key-id",
    "access_key_secret": "your-access-key-secret"
  },
  "max_file_size_mb": 2048,
  "default_expire_hours": 0.5,
  "large_file_threshold_mb": 100,
  "default_prefix": "uploads/"
}
🚀 Usage
Command-line usage
# Upload a single file
python3 main.py upload /path/to/file.txt uploads/
# Batch upload
python3 main.py batch_upload file1.txt file2.txt file3.txt uploads/
# Search for a file
python3 main.py search filename.txt
OpenClaw integration
- Can act as a media handler for file uploads
- Upload tasks can be triggered through OpenClaw's messaging system
- Generated temporary links can be shared directly in chat
🔧 Technical details
- Dependencies: oss2, requests
- Multipart upload: uses the OSS SDK's multipartUpload
- Presigned URLs: uses the OSS SDK's sign_url method
- Error handling: thorough exception handling and a retry mechanism
🛡️ Security best practices
- Use a RAM user: create a dedicated RAM user for OSS uploads
- Least privilege: grant the user only oss:PutObject, oss:GetObject, oss:ListObjects
- Config file permissions: set the file to 600 (owner read/write only)
- Regular rotation: rotate the AccessKey periodically
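The two practices above that the tool can enforce for itself are the 600 file mode on the config and the size rules from the sample configuration (2048 MB hard limit, 100 MB multipart threshold). The following is an added example, not code from the aliyun-oss skill, showing a defensive config loader that refuses a group- or world-readable config, refuses the sample placeholder credentials, resolves the path under the invoking user's home rather than the hardcoded /root path, and classifies a file by size before any bytes are read. Field names match the sample config; the helper names, the OPENCLAW_HOME variable and the demo credentials are this example's own assumptions.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Field names follow the sample config in SKILL.md; helper names are this example's own.
REQUIRED_KEYS = ("endpoint", "bucket_name", "auth")
REQUIRED_AUTH_KEYS = ("access_key_id", "access_key_secret")
PLACEHOLDER_PREFIX = "your-"   # the sample values ("your-access-key-id", ...) start with this
DEFAULTS = {"max_file_size_mb": 2048, "large_file_threshold_mb": 100,
            "default_expire_hours": 0.5, "default_prefix": "uploads/"}
MIB = 1024 * 1024


def default_config_path() -> Path:
    """Resolve the config under the invoking user's home (or $OPENCLAW_HOME, an
    assumed variable) instead of the hardcoded /root path from SKILL.md."""
    base = Path(os.environ.get("OPENCLAW_HOME", Path.home() / ".openclaw"))
    return base / "aliyun-oss-config.json"


def load_config(path) -> dict:
    """Load the JSON config, refusing files readable by group/others (anything
    looser than mode 600) and files that still contain the sample placeholders."""
    path = Path(path)
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:04o}; chmod 600 it first")
    cfg = json.loads(path.read_text(encoding="utf-8"))
    missing = [k for k in REQUIRED_KEYS if k not in cfg]
    missing += [f"auth.{k}" for k in REQUIRED_AUTH_KEYS if k not in cfg.get("auth", {})]
    if missing:
        raise ValueError("config is missing: " + ", ".join(missing))
    for k in REQUIRED_AUTH_KEYS:
        if str(cfg["auth"][k]).startswith(PLACEHOLDER_PREFIX):
            raise ValueError(f"auth.{k} still holds the sample placeholder value")
    for k, v in DEFAULTS.items():   # fill in the documented defaults for omitted keys
        cfg.setdefault(k, v)
    return cfg


def classify_upload(size_bytes: int, cfg: dict) -> str:
    """Decide what to do with a file of this size before reading it: 'reject' above
    max_file_size_mb, 'multipart' above large_file_threshold_mb, otherwise 'simple'."""
    if size_bytes > cfg["max_file_size_mb"] * MIB:
        return "reject"
    if size_bytes > cfg["large_file_threshold_mb"] * MIB:
        return "multipart"
    return "simple"


def write_demo_config(directory, mode: int) -> Path:
    """Write a constructed sample config (fake, non-working credentials) with the given mode."""
    path = Path(directory) / "aliyun-oss-config.json"
    path.write_text(json.dumps({
        "endpoint": "oss-cn-shanghai.aliyuncs.com",
        "bucket_name": "demo-bucket",
        "auth": {"access_key_id": "demo-access-key-id", "access_key_secret": "demo-secret"},
        "large_file_threshold_mb": 100,
    }), encoding="utf-8")
    os.chmod(path, mode)
    return path


def demo() -> dict:
    """Run the checks against constructed configs and return what each one decided."""
    with tempfile.TemporaryDirectory() as d:
        cfg = load_config(write_demo_config(d, 0o600))
        result = {
            "bucket": cfg["bucket_name"],
            "max_file_size_mb": cfg["max_file_size_mb"],   # filled in from DEFAULTS
            "small": classify_upload(10 * MIB, cfg),
            "large": classify_upload(150 * MIB, cfg),
            "huge": classify_upload(3 * 1024 * MIB, cfg),
        }
        try:
            load_config(write_demo_config(d, 0o644))      # same file, now world-readable
            result["world_readable_rejected"] = False
        except PermissionError:
            result["world_readable_rejected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Checking the mode before parsing means a leaked secret is reported as a configuration error rather than silently used, and classifying by `st_size` first keeps a 2GB-plus path from being read into memory only to be rejected afterwards.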
🆘 Troubleshooting
- 403 error: check the RAM user's permissions and the AccessKey
- File size exceeded: confirm the file does not exceed the 2GB limit
- Upload failed: check the network connection and the OSS configuration
💡 Development guidelines
This skill strictly follows these development guidelines:
- ✅ Open-source compatibility: fully conforms to the configuration requirements and directory structure of open-source skills
- ✅ Compliance: fully conforms to local laws and regulations
- ✅ Feature completeness: contains only implemented and tested features, with no placeholders or unfinished code
📦 Deployment notes
- Production-ready: all test code and temporary files were cleaned up before release
- Secure configuration: sensitive information is managed through an external config file and is not hardcoded in the source
- Dependency management: depends only on the necessary Python packages (oss2, requests)
Data source: ClawHub ↗ · Chinese localization: 龙虾技能库