Cloud Architecture Canvas
Pass
Audited by VirusTotal on May 10, 2026.
Findings (1)
The skill bundle provides legitimate functionality for managing Tencent Cloud Advisor but includes high-risk instructions and capabilities. Specifically, SKILL.md directs the AI agent to persist sensitive API keys (SecretId/SecretKey) by writing export commands directly into the user's shell configuration files (~/.bashrc, ~/.zshrc), and scripts/create_role.py performs powerful IAM operations including creating roles with FullAccess policies and enabling console login. Additionally, check_env.py executes an external binary ('clawhub') via subprocess.run to check for updates, which introduces a supply-chain risk.
