      Safety Report

      Aliyun Oss

      @jixsonwang

Aliyun OSS file upload tool - secure, efficient file upload and temporary link generation

599 downloads · 3 installs · 0 stars · 1 version

      Security Analysis

Medium confidence
Suspicious (0.04 risk)

      The package mostly implements an Aliyun OSS uploader as described, but there are inconsistencies (missing declared config/credentials, root-only config path) and a few behaviors (test code reading /etc files, expectation of AK/SK in a config file not declared in metadata) that warrant caution before installing.

Feb 11, 2026 · 11 files · 4 concerns

Purpose & Capability: concern

      The code and SKILL.md implement an OSS uploader and presigned-URL generation which matches the name/description. However the skill requires an external config file containing AccessKey ID/Secret (AK/SK) at /root/.openclaw/aliyun-oss-config.json, yet the registry metadata lists no required config paths or primary credential — that mismatch is incoherent. The hardcoded use of a root-scoped path (/root/.openclaw/...) is also unexpected for a user-facing skill.

Instruction Scope: concern

SKILL.md instructs creating a config file with AK/SK and describes CLI and OpenClaw integration only. The code contains test/main routines that reference system files (/etc/hosts, /etc/passwd) — these are not mentioned in the instructions and could read local system files if those test entrypoints are executed. The skill uploads arbitrary local file paths provided to it (expected functionality), but that means any path the agent supplies will be read and sent to OSS, so the caller should ensure only intended files are passed.

Install Mechanism: note

      There is no install spec (instruction-only), which reduces risk from remote installers. The code imports oss2 and requests; missing packages cause the program to exit with a message to pip install them. The package.json exists but there is no pip requirements or installation guidance in SKILL.md beyond the import error message — this is a minor usability gap but not a high install risk.

Credentials: concern

The tool requires AccessKey credentials stored in an external JSON config, but the registry metadata did not declare any required env vars or primary credential. Declaring credentials (or at least required config paths) in metadata would be expected. Also, SKILL.md recommends /root/.openclaw/..., which implies writing/reading a root-owned path; this is disproportionate for a user-level skill. security_validator expects an STS token (and flags its absence as risky) while sts_manager only supports AK/SK, which is an inconsistency in credential expectations.

Persistence & Privilege: ok

      The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide agent settings, and has no installer that writes new system services. It will read local files passed to it (normal for an uploader).

      Guidance

This skill appears to implement an Aliyun OSS uploader, but there are several things to verify before installing or using it:

- Credentials & metadata: The code expects AK/SK in a JSON config at /root/.openclaw/aliyun-oss-config.json, but the skill registry metadata does not declare required config paths or a primary credential. Confirm where you will store credentials and ensure the metadata matches.
- Do not put long-lived root credentials in that file. Prefer a RAM user with least privilege (oss:PutObject, oss:GetObject, oss:ListObjects) or STS temporary credentials. Set config file permissions to 600 and rotate keys regularly.
- Path choice: The SKILL.md uses /root/.openclaw, which is surprising for non-root use; consider changing the config path to your user home (~/.openclaw/...) before running.
- Local file reads: The uploader will read any local file path you pass and upload it to OSS. Ensure the agent only supplies intended file paths; otherwise sensitive local files could be uploaded.
- Test code: Some modules include test mains that reference /etc/hosts and /etc/passwd. Those tests run only if executed directly, but review and remove or sandbox test code if you plan to run this in a sensitive environment.
- Dependencies: The package depends on oss2 and requests (pip). Install them in a controlled virtualenv before running.
- Audit before use: If you lack confidence, run the code in an isolated environment (sandbox or VM), inspect/change the config path and credential handling to use STS, and confirm no unexpected network endpoints are contacted aside from the OSS endpoint you configure.

If you want, I can: (1) produce a checklist of minimal IAM policy JSON for a RAM user, (2) modify the code to use a user-home config path and optional environment-variable overrides, or (3) highlight exact lines that read system files so you can remove test code.

      Latest Release

      v1.0.0

First release of the Aliyun OSS file upload tool:

- Supports single-file, batch and multipart uploads; automatically handles large files (over 100MB) and rename conflicts
- Maximum single-file size of 2GB; uploads over the limit are automatically rejected
- Presigned URL temporary link generation, with default and custom validity-period options
- File name search and upload to a specified OSS directory
- AK/SK authentication, with credentials kept in a separate external file for stronger security
- Detailed configuration sample and command-line usage instructions
- Improved exception handling and troubleshooting hints
- Depends only on oss2 and requests; production-ready release

      Published by @jixsonwang on ClawHub