Back to skill

Security audit

腾讯云 COS 原生操作技能

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Tencent COS storage-management skill, but it can change or delete cloud objects, so users should use tightly scoped credentials.

Install only if you want an agent to operate a Tencent Cloud COS bucket. Use least-privilege COS credentials scoped to the intended bucket or prefix, verify object keys and prefixes before uploads, moves, or deletes, and require explicit confirmation before recursive or bulk deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly directs the agent to execute Node.js scripts that perform real COS operations and likely rely on environment-provided credentials, yet the manifest declares no corresponding permissions. This creates a permission-model gap: reviewers and policy enforcement may underestimate that the skill can access secrets from the environment and perform cloud actions, increasing the risk of unintended data access or destructive storage operations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script performs irreversible deletion of objects and pseudo-folder prefixes in Tencent COS immediately based on input, with no user-facing confirmation, dry-run mode, or safety guardrails. In the context of a storage-management skill, this is especially risky because a mistaken folder_path or recursive flag can cause bulk data loss across many objects in a bucket.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.