Send Me My Files - R2 upload with short lived signed urls – OpenClaw Skill

---

name: Send Me My Files - R2 upload with short lived signed urls description: Upload files to Cloudflare R2, AWS S3, or any S3-compatible storage and generate secure presigned download links with configurable expiration. summary: TypeScript-based MCP skill for uploading files to cloud storage (R2, S3, MinIO) with secure, temporary download links. Features multi-bucket support, interactive onboarding, and 5-minute default expiration.

Send Me My Files - R2 Upload with Short Lived Signed URLs

Upload files to Cloudflare R2 or any S3-compatible storage and generate presigned download links.

Features

• Upload files to R2/S3 buckets
• Generate presigned download URLs (configurable expiration)
• Support for any S3-compatible storage (R2, AWS S3, MinIO, etc.)
• Multiple bucket configurations
• Automatic content-type detection

Configuration

Create ~/.r2-upload.yml (or set R2_UPLOAD_CONFIG env var):

# Default bucket (used when no bucket specified)
default: my-bucket

# Bucket configurations
buckets:
  my-bucket:
    endpoint: https://abc123.r2.cloudflarestorage.com
    access_key_id: your_access_key
    secret_access_key: your_secret_key
    bucket_name: my-bucket
    public_url: https://files.example.com  # Optional: custom domain
    region: auto  # For R2, use "auto"
    
  # Additional buckets
  personal:
    endpoint: https://xyz789.r2.cloudflarestorage.com
    access_key_id: ...
    secret_access_key: ...
    bucket_name: personal-files
    region: auto

Cloudflare R2 Setup

1. Go to Cloudflare Dashboard → R2
2. Create a bucket
3. Go to R2 API Tokens: https://dash.cloudflare.com/<ACCOUNT_ID>/r2/api-tokens
4. Create a new API token
   • Important: Apply to specific bucket (select your bucket)
   • Permissions: Object Read & Write
5. Copy the Access Key ID and Secret Access Key
6. Use endpoint format: https://<account_id>.r2.cloudflarestorage.com
7. Set region: auto

AWS S3 Setup

aws-bucket:
  endpoint: https://s3.us-east-1.amazonaws.com
  access_key_id: ...
  secret_access_key: ...
  bucket_name: my-aws-bucket
  region: us-east-1

Usage

Upload a file

r2-upload /path/to/file.pdf
# Returns: https://files.example.com/abc123/file.pdf?signature=...

Upload with custom path

r2-upload /path/to/file.pdf --key uploads/2026/file.pdf

Upload to specific bucket

r2-upload /path/to/file.pdf --bucket personal

Custom expiration (default: 5 minutes)

r2-upload /path/to/file.pdf --expires 24h
r2-upload /path/to/file.pdf --expires 1d
r2-upload /path/to/file.pdf --expires 300  # seconds

Public URL (no signature)

r2-upload /path/to/file.pdf --public

Tools

• r2_upload - Upload file and get presigned URL
• r2_list - List recent uploads
• r2_delete - Delete a file

Environment Variables

• R2_UPLOAD_CONFIG - Path to config file (default: ~/.r2-upload.yml)
• R2_DEFAULT_BUCKET - Override default bucket
• R2_DEFAULT_EXPIRES - Default expiration in seconds (default: 300 = 5 minutes)

Notes

• Uploaded files are stored with their original filename unless --key is specified
• Automatic UUID prefix added to prevent collisions (e.g., abc123/file.pdf)
• Content-Type automatically detected from file extension
• Presigned URLs expire after the configured duration

R2/S3 Upload Skill

Upload files to Cloudflare R2, AWS S3, or any S3-compatible storage and generate secure presigned download links with configurable expiration.

Summary

A TypeScript-based MCP skill that lets you upload files to cloud storage and get shareable links. Perfect for quickly sharing files with temporary access. Features multi-bucket support, interactive onboarding, and 5-minute default expiration for security.

Quick Example:

• "Upload this report to R2" → Get a 5-minute download link
• "List files in my bucket" → See what's uploaded
• "Delete old-file.pdf" → Clean up storage

Quick Setup

Automated (Recommended)

cd skills/r2-upload
pnpm install
pnpm run onboard

This will:

• Install dependencies
• Guide you through credential setup
• Test your connection
• Create the config file

Manual Setup

1. Install dependencies:

pnpm install

2. Create config file:

cp example-config.yml ~/.r2-upload.yml
# Edit ~/.r2-upload.yml with your credentials

3. Build:

pnpm run build

Usage

See SKILL.md for detailed documentation and examples.

Cloudflare R2 Setup

1. Go to Cloudflare Dashboard → R2
2. Create a bucket
3. Go to R2 API Tokens: https://dash.cloudflare.com/<ACCOUNT_ID>/r2/api-tokens
4. Create a new API token
   • Important: Apply to specific bucket (select your bucket)
   • Permissions: Object Read & Write
5. Copy the Access Key ID and Secret Access Key
6. Note your Account ID from the R2 dashboard URL
7. Use endpoint: https://<ACCOUNT_ID>.r2.cloudflarestorage.com

Custom Domain (Optional)

To use a custom domain for public URLs:

1. In Cloudflare R2, connect your bucket to a custom domain
2. Add the public_url field to your bucket config:

   public_url: https://files.yourdomain.com
   

This allows you to generate clean public URLs instead of presigned ones.

Security Considerations

⚠️ Important Security Notes:

API Token Scope

When creating your R2 API token:

• ✅ Apply to specific bucket only (not account-wide)
• ✅ Use minimum permissions: Object Read & Write only
• ❌ Avoid: Admin permissions or account-wide access

Current Protections

• ✅ Config file secured with 600 permissions (owner-only)
• ✅ Presigned URLs expire (default: 5 minutes)
• ✅ UUID prefixes prevent predictable file paths
• ✅ Credentials isolated in external config

Known Limitations

• ⚠️ No file size limits (be careful with large files)
• ⚠️ No file type restrictions
• ⚠️ No rate limiting

Best Practices

1. Keep expiration short - Default 5m is recommended
2. Review uploads periodically - Use r2_list to check your bucket
3. Don't share presigned URLs publicly unless intended
4. Rotate credentials if you suspect compromise
5. Use different buckets for different security levels

See SECURITY.md for detailed security information and recommendations.