Tencent Cloud TIONE

What to check before installing/use: - Metadata mismatch: The registry entry does not list required Tencent credentials but SKILL.md and the scripts do require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY. Do not assume the platform will prompt for these — verify and set them yourself if you intend to use the skill. - Credentials: Provide least-privilege/read-only API keys for TI-ONE. Although scripts call only Describe* APIs, full-permission keys could be abused if an attacker or a misconfigured agent runs tccli directly. - Install: The skill expects tccli and jq. SKILL.md suggests pip/apt/brew installs; confirm you install from official sources (pip index / distro packages) and inspect the tccli package origin if you are concerned. - Enforcement: The SKILL.md claims 'do not call tccli directly' — this is a procedural constraint, not technically enforced. If you allow autonomous skill invocation, the agent could potentially run other commands unless your runtime sandbox prevents it. Consider disabling autonomous invocation for untrusted skills or review invocation policies. - Audit: Because this skill includes shell scripts, review the scripts (they are included) to confirm there is no code path that prints or transmits secret values. Verify the scripts' behavior in a safe environment with test credentials first. If you want me to, I can produce a short checklist and commands to validate the scripts locally (e.g., run lint/grep for suspicious network endpoints, simulate with dummy env vars, or verify which tccli actions are invoked).