1

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tencent Cloud CLI helper that discloses its install, OAuth login, and cloud-management behavior.

Install tccli only from trusted TencentCloud or package-manager sources, use a least-privilege Tencent Cloud account, and review each tccli command before running it because authenticated cloud commands can create, modify, or delete resources. Do not paste SecretId or SecretKey values into chat, and avoid commands that print credential configuration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The file uses an explicit instruction '统一使用' and the operational guidance throughout the skill is written only in Chinese. This creates a language/locale constraint without user opt-in or an offered alternative, which matches the policy category for forced language selection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal