home / skills / openclaw / skills / r2-upload

r2-upload skill

safe

/skills/julianengel/r2-upload

This skill uploads files to R2 or S3-compatible storage and returns secure, expiring download links for easy sharing.

npx playbooks add skill openclaw/skills --skill r2-upload

Review the files below or copy the command above to add this skill to your agents.

Files (11)

SKILL.md

3.3 KB

---
name: Send Me My Files - R2 upload with short lived signed urls
description: Upload files to Cloudflare R2, AWS S3, or any S3-compatible storage and generate secure presigned download links with configurable expiration.
summary: TypeScript-based MCP skill for uploading files to cloud storage (R2, S3, MinIO) with secure, temporary download links. Features multi-bucket support, interactive onboarding, and 5-minute default expiration.
---

# Send Me My Files - R2 Upload with Short Lived Signed URLs

Upload files to Cloudflare R2 or any S3-compatible storage and generate presigned download links.

## Features

- Upload files to R2/S3 buckets
- Generate presigned download URLs (configurable expiration)
- Support for any S3-compatible storage (R2, AWS S3, MinIO, etc.)
- Multiple bucket configurations
- Automatic content-type detection

## Configuration

Create `~/.r2-upload.yml` (or set `R2_UPLOAD_CONFIG` env var):

```yaml
# Default bucket (used when no bucket specified)
default: my-bucket

# Bucket configurations
buckets:
  my-bucket:
    endpoint: https://abc123.r2.cloudflarestorage.com
    access_key_id: your_access_key
    secret_access_key: your_secret_key
    bucket_name: my-bucket
    public_url: https://files.example.com  # Optional: custom domain
    region: auto  # For R2, use "auto"
    
  # Additional buckets
  personal:
    endpoint: https://xyz789.r2.cloudflarestorage.com
    access_key_id: ...
    secret_access_key: ...
    bucket_name: personal-files
    region: auto
```

### Cloudflare R2 Setup

1. Go to Cloudflare Dashboard → R2
2. Create a bucket
3. Go to R2 API Tokens: `https://dash.cloudflare.com/<ACCOUNT_ID>/r2/api-tokens`
4. Create a new API token
   - **Important:** Apply to specific bucket (select your bucket)
   - Permissions: Object Read & Write
5. Copy the Access Key ID and Secret Access Key
6. Use endpoint format: `https://<account_id>.r2.cloudflarestorage.com`
7. Set `region: auto`

### AWS S3 Setup

```yaml
aws-bucket:
  endpoint: https://s3.us-east-1.amazonaws.com
  access_key_id: ...
  secret_access_key: ...
  bucket_name: my-aws-bucket
  region: us-east-1
```

## Usage

### Upload a file

```bash
r2-upload /path/to/file.pdf
# Returns: https://files.example.com/abc123/file.pdf?signature=...
```

### Upload with custom path

```bash
r2-upload /path/to/file.pdf --key uploads/2026/file.pdf
```

### Upload to specific bucket

```bash
r2-upload /path/to/file.pdf --bucket personal
```

### Custom expiration (default: 5 minutes)

```bash
r2-upload /path/to/file.pdf --expires 24h
r2-upload /path/to/file.pdf --expires 1d
r2-upload /path/to/file.pdf --expires 300  # seconds
```

### Public URL (no signature)

```bash
r2-upload /path/to/file.pdf --public
```

## Tools

- `r2_upload` - Upload file and get presigned URL
- `r2_list` - List recent uploads
- `r2_delete` - Delete a file

## Environment Variables

- `R2_UPLOAD_CONFIG` - Path to config file (default: `~/.r2-upload.yml`)
- `R2_DEFAULT_BUCKET` - Override default bucket
- `R2_DEFAULT_EXPIRES` - Default expiration in seconds (default: 300 = 5 minutes)

## Notes

- Uploaded files are stored with their original filename unless `--key` is specified
- Automatic UUID prefix added to prevent collisions (e.g., `abc123/file.pdf`)
- Content-Type automatically detected from file extension
- Presigned URLs expire after the configured duration

Overview

This skill uploads files to Cloudflare R2, AWS S3, or any S3-compatible storage and returns short-lived presigned download links. It supports multiple bucket profiles, automatic content-type detection, and configurable expiration for secure, time-limited access. Use it to share backups, deliver artifacts, or archive files without exposing long-lived credentials.

How this skill works

The tool reads a YAML configuration (or env override) describing one or more S3-compatible buckets with endpoint, keys, and bucket name. When you upload, it stores the file (optionally under a custom key), adds a UUID prefix to avoid collisions, detects content-type, and generates a presigned URL that expires after the configured interval. You can also request public URLs when the bucket is exposed through a custom domain.

When to use it

Share large files securely for a short time without creating permanent public access.
Automate backups or artifacts upload from scripts and return a downloadable link.
Archive files to R2 or any S3-compatible store while keeping credentials local.
Provide temporary downloads to users, clients, or CI/CD pipelines.
Maintain multiple storage targets (personal, team, production) from one tool.

Best practices

Use per-bucket API tokens/keys scoped to minimal permissions (Object Read & Write).
Set short expirations for sensitive files; increase only when necessary.
Use the UUID key prefix to avoid accidental overwrites and preserve original filenames.
Store config path securely and use environment variables for CI secrets.
Prefer custom public URLs for stable long-term links and presigned URLs for temporary access.

Example use cases

Upload a release artifact from CI and embed the presigned URL in release notes.
Share a client deliverable for 24 hours using --expires 1d without making the bucket public.
Archive daily logs to a personal R2 bucket and generate links for audit reviewers.
Quickly transfer a file between machines by uploading and emailing the short-lived URL.
List recent uploads to verify successful backups and delete stale objects with r2_delete.

FAQ

How do I configure a different bucket file?

Create or edit the YAML config (~/.r2-upload.yml) with a named bucket profile and use --bucket <name> or set R2_DEFAULT_BUCKET.

Can I use AWS S3 or MinIO?

Yes. Provide the appropriate endpoint, access keys, bucket_name, and region in the config; the tool uses standard S3-compatible operations.