Tencent Cloud COS
v1.1.3腾讯云对象存储(COS)和数据万象(CI)集成技能。覆盖文件存储管理、AI处理和知识库三大核心场景。 存储场景:上传文件到云端、下载云端文件、批量管理存储桶文件、获取文件签名链接分享、查看文件元信息。 图片处理场景:图片质量评估打分、AI超分辨率放大、AI智能裁剪、二维码/条形码识别、添加文字水印、获取图片EXI...
⭐ 0· 1.5k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a Tencent Cloud COS/CI/MetaInsight integration and declares/uses the exact credentials and configuration you'd expect (SecretId/SecretKey, optional STS Token, Region, Bucket, optional DatasetName/Domain). The requested node SDK (cos-nodejs-sdk-v5) matches the described capabilities.
Instruction Scope
Runtime instructions (SKILL.md + setup.sh + cos_node.mjs) operate on the local project files, read credentials from environment or project .env/.env.enc, install the Node SDK, and call Tencent COS/CI APIs. No instructions request unrelated system files or other services. Note: the scripts will optionally persist credentials to .env when run with --persist and will add .env to .gitignore.
Install Mechanism
Install uses the npm package cos-nodejs-sdk-v5 (installed locally by setup.sh). This is a standard package registry workflow (moderate risk but expected for a Node.js COS integration); there are no downloads from arbitrary URLs or extract-from-remote steps.
Credentials
Requested secrets (SecretId, SecretKey, optional Token) and config (Region, Bucket, optional DatasetName/Domain/Protocol) are proportionate and documented. The skill also documents sensitivity and recommends STS temporary credentials and least-privilege subaccounts, which is appropriate.
Persistence & Privilege
The skill runs with normal privileges. It does create package.json/npm modules in the project and can write a local .env file only when user opts for --persist; it can also create an encrypted .env.enc. This is within the skill's scope but users should be aware that opting into persistence writes credentials to disk (even if permissioned) and that running npm install executes code from registry packages.
Assessment
This package appears to do what it claims, but take these precautions before installing: 1) Use STS temporary credentials or a least-privilege sub-account (do not use root account keys). 2) Avoid running setup.sh with --persist unless you intentionally want credentials written to disk; if you do persist, prefer encrypting (.env.enc) and understand the encryption ties to your machine/user. 3) Review and verify the npm package cos-nodejs-sdk-v5 (source and version) and consider installing in an isolated environment. 4) After use, remove credentials and node_modules if no longer needed (rm -f .env .env.enc && rm -rf node_modules). 5) If you need stronger assurance, inspect scripts/cos_node.mjs in full (it executes arbitrary SDK calls and performs filesystem writes) and confirm it only communicates with Tencent COS/CI endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk974wj20wph08h4f1gzx5e2jkh84cxad
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
☁️ Clawdis
ConfigRegion, Bucket
Install
Install COS Node.js SDK
npm i -g cos-nodejs-sdk-v5