CloudQ
Security checks across static analysis, malware telemetry, and agentic risk
Overview
CloudQ broadly matches its cloud-management purpose, but it handles powerful Tencent Cloud credentials and has under-bounded IAM and OAuth behaviors that users should review carefully.
Install only if you are comfortable giving this skill Tencent Cloud account access. Prefer OAuth or a least-privilege subaccount, review any CAM role creation carefully, do not set CLOUDQ_OAUTH_ENDPOINT unless you fully trust it, treat generated console login links as sensitive, and use logout/cleanup when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An existing Tencent Cloud role could receive additional powerful permissions, affecting account security beyond what a user may expect from an optional setup step.
If an advisor role already exists and supports console login, the script reuses it and attaches broad FullAccess policies instead of always creating a new advisorN role. This can broaden permissions on an existing CAM role.
POLICY_NAMES = ["QcloudTAGFullAccess", "QcloudAdvisorFullAccess"] ... if result.get("data", {}).get("ConsoleLogin", 0) == 1: return name, True ... "AttachRolePolicy"Only modify existing roles after a separate explicit confirmation that lists the exact role and policies; otherwise create a new uniquely named role, verify ownership, use least-privilege policies, and ensure cleanup removes the actual role created.
If the local environment is poisoned or misconfigured, OAuth codes or tokens could be sent to a non-Tencent endpoint.
The OAuth token exchange endpoint is controlled by an undeclared environment variable, and authorization codes/access tokens are posted to that endpoint.
OAUTH_ENDPOINT = os.environ.get("CLOUDQ_OAUTH_ENDPOINT", "https://cloudq.cloud.tencent.com") ... body = {"code": code} ... body = {"access_token": access_token}Pin OAuth traffic to an allowlisted Tencent CloudQ hostname in production, or clearly declare and validate any override before sending credentials.
A mistaken or manipulated invocation could send Tencent Cloud authentication headers or tokens to an unintended host, or perform broader CAM/STS/advisor operations than the main workflow needs.
The generic API helper accepts host and action from command-line arguments and sends signed credential-bearing requests to that host; the visible whitelist checks service names but not host/action pairings.
service = args[0]; host = args[1]; action = args[2] ... req = Request(f"https://{host}", data=payload_str.encode("utf-8"), headers=headers, method="POST")Restrict helper scripts to fixed Tencent API hosts and approved actions, and avoid exposing raw API escape-hatch commands to normal agent workflows.
This is likely intended to load cloud credential environment variables, but it may also run any other commands present in the user's shell startup files.
The skill instructs the agent to source user shell startup files before running its environment check, which can execute commands contained in those files.
source ~/.zshrc 2>/dev/null; source ~/.bashrc 2>/dev/null; python3 {baseDir}/scripts/check_env.pyPrefer reading the needed environment variables directly or ask the user before sourcing shell startup files; users should review their shell files before use.