首页龙虾技能列表 › Send Me My Files - R2 upload with short lived signed urls — Send工具

Send Me My Files - R2 upload with short lived signed urls — Send工具

v1.0.4

[AI辅助] Upload files to Cloudflare R2, AWS S3, or any S3-compatible storage and generate secure presigned download links with configurable expiration.

2· 2,795·1 当前·1 累计
by @julianengel·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/12
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
安全
high confidence
The skill's code, instructions, and configuration are coherent with its stated purpose (uploading files to S3-compatible storage and generating presigned URLs); it asks for and stores only the credentials needed for that task and contains no hidden endpoints or unrelated requirements.
评估建议
This skill appears to do what it claims, but be aware of the practical security implications before installing: - You must provide access keys (Access Key ID + Secret) for buckets; prefer creating bucket-scoped tokens with minimal permissions (Object Read/Write only) and avoid account-wide/admin tokens. - The onboarding script writes ~/.r2-upload.yml containing your credentials (the script sets file mode 0600). Keep that file private and do not commit it to source control. - The skill can read a...
详细分析 ▾
用途与能力
The name and description match the implementation: the code uses the AWS SDK to upload objects, list and delete objects, and generate presigned URLs. Required credentials (access key / secret) are collected via the local config and used only for S3/R2 endpoints. No unrelated services, binaries, or credentials are requested.
指令范围
Runtime instructions and the onboarding script explicitly ask for S3/R2 credentials and instruct writing ~/.r2-upload.yml. The skill reads arbitrary local file paths (file_path) to upload — this is required for the stated purpose but means the skill can access any file the agent is instructed to upload. The code and docs also note some missing protections (no file-size enforcement, no key sanitization), which are legitimate limitations rather than incoherent behavior.
安装机制
There is no remote install/download step in the skill package; dependencies are standard npm packages (AWS SDK, js-yaml, mime-types). All dependencies resolve from public registries and the package.json is consistent with the stated functionality.
凭证需求
The skill does not declare required environment variables or request unrelated credentials. It uses an on-disk config file (~/.r2-upload.yml) and respects R2_UPLOAD_CONFIG and R2_DEFAULT_BUCKET overrides — these are appropriate. The onboarding flow requests only storage credentials needed to perform uploads/list/delete and tests the connection.
持久化与权限
always is false and the skill does not attempt to modify other skills or system-level agent configuration. It writes a per-user config file to the home directory (mode 0600) which is expected for storing credentials for this functionality.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.42026/1/10

Updated skill name to 'Send Me My Files - R2 upload with short lived signed urls'

● 可疑

安装命令 点击复制

官方npx clawhub@latest install r2-upload
镜像加速npx clawhub@latest install r2-upload --registry https://cn.clawhub-mirror.com

技能文档

Upload files to Cloudflare R2 or any S3-compatible storage and generate presigned download links.

Features

  • 上传 files 到 R2/S3 buckets
  • Generate presigned 下载 URLs (configurable expiration)
  • Support 对于 任何 S3-compatible storage (R2, AWS S3, MinIO, etc.)
  • Multiple bucket configurations
  • Automatic content-类型 detection

Configuration

Create ~/.r2-upload.yml (or set R2_UPLOAD_CONFIG env var):

# Default bucket (used when no bucket specified)
default: my-bucket
# Bucket configurations
buckets:
  my-bucket:
    endpoint: https://abc123.r2.cloudflarestorage.com
    access_key_id: your_access_key
    secret_access_key: your_secret_key
    bucket_name: my-bucket
    public_url: https://files.example.com  # Optional: custom domain
    region: auto  # For R2, use "auto"
    
  # Additional buckets
  personal:
    endpoint: https://xyz789.r2.cloudflarestorage.com
    access_key_id: ...
    secret_access_key: ...
    bucket_name: personal-files
    region: auto

Cloudflare R2 Setup

  • Go 到 Cloudflare Dashboard → R2
  • 创建 bucket
  • Go 到 R2 API Tokens: https://dash.cloudflare.com//r2/api-tokens
  • 创建 新的 API 令牌
- Important: Apply 到 specific bucket (select bucket) - Permissions: 对象 读取 & 写入
  • 复制 Access 键 ID 和 Secret Access 键
  • 使用 endpoint 格式: https://.r2.cloudflarestorage.com
  • 设置 region: auto

AWS S3 Setup

aws-bucket:
  endpoint: https://s3.us-east-1.amazonaws.com
  access_key_id: ...
  secret_access_key: ...
  bucket_name: my-aws-bucket
  region: us-east-1

Usage

上传 file

r2-upload /path/to/file.pdf
# Returns: https://files.example.com/abc123/file.pdf?signature=...

上传 带有 custom path

r2-upload /path/to/file.pdf --key uploads/2026/file.pdf

上传 到 specific bucket

r2-upload /path/to/file.pdf --bucket personal

Custom expiration (默认: 5 minutes)

r2-upload /path/to/file.pdf --expires 24h
r2-upload /path/to/file.pdf --expires 1d
r2-upload /path/to/file.pdf --expires 300  # seconds

公开 URL (否 signature)

r2-upload /path/to/file.pdf --public

Tools

  • r2_upload - 上传 file 和 获取 presigned URL
  • r2_list - 列表 recent uploads
  • r2_delete - 删除 file

Environment Variables

  • R2_UPLOAD_CONFIG - Path 到 配置 file (默认: ~/.r2-上传.yml)
  • R2_DEFAULT_BUCKET - Override 默认 bucket
  • R2_DEFAULT_EXPIRES - 默认 expiration 在...中 seconds (默认: 300 = 5 minutes)

Notes

  • Uploaded files stored 带有 original filename unless --键 specified
  • Automatic UUID prefix added 到 prevent collisions (e.g., abc123/file.pdf)
  • Content-类型 automatically detected 从 file 扩展
  • Presigned URLs expire 之后 configured 持续时间
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务