Back to skill
Skillv1.0.1
ClawScan security
LZ Create - 多云迁移到腾讯云 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 15, 2026, 11:50 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's functionality (scanning multi-cloud accounts and generating Terraform) matches its description, but it uploads user cloud credentials and workspace files to an external MCP server (defaulting to an IP address) — a high-risk behavior that should be reviewed before use.
- Guidance
- This skill will upload your cloud credentials and scanned resource data to a remote MCP server (defaulting to an IP address). Before using it: (1) don't supply production/high-privilege credentials — use short-lived STS tokens with minimal permissions; (2) verify who runs the MCP server (the default points to an IP, not an official vendor domain); (3) consider self-hosting an MCP server you control, or inspect and run the client only in an isolated environment; (4) review the fastmcp/openpyxl dependencies and audit network traffic to the endpoint; (5) if you cannot verify the server/operator, avoid uploading real credentials or use alternative tools that operate locally.
Review Dimensions
- Purpose & Capability
- noteRequesting cloud provider credentials and scanning resources is consistent with a migration/Landing Zone tool. The script's actions (scan, generate docs, produce Terraform) align with the stated purpose.
- Instruction Scope
- concernRuntime instructions and the included script upload Excel files that may contain AK/SK/STS tokens to a remote MCP server (default http://159.75.221.23/mcp). The skill instructs creation of sessions on that server and automatic upload/download of files containing credentials and scan results — this transmits highly sensitive data outside the user's environment.
- Install Mechanism
- noteThere is no install spec (instruction-only + script file). The client script imports third‑party Python packages (fastmcp, openpyxl). No direct download-from-URL or archive extraction occurs in the package, which lowers install risk, but dependencies must be installed separately and their provenance verified.
- Credentials
- concernAlthough the registry metadata requires no env vars, the tool expects users to supply cloud credentials (AK/SK/STS) and will embed and upload them to the remote MCP server. That level of credential access is necessary for scanning, but transmitting secrets to an unknown remote host is disproportionate unless the host is trusted and controlled by the organization.
- Persistence & Privilege
- noteThe skill is not forced-always and does not request persistent system-wide privileges. However, the MCP Server keeps session workspaces (document notes indicate 24h expiry), meaning user data and credentials may persist on the remote server for some time.