腾讯云跨账号资源迁移

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Tencent Cloud migration tool, but it needs Review because it stores powerful cloud credentials in plaintext generated files and can create or destroy cloud infrastructure.

Install only if you are comfortable giving this tool source and destination Tencent Cloud credentials and Terraform authority. Use temporary least-privilege credentials, keep account.yaml, tc-migrate.yaml, terraform.tfvars, tfplan, and terraform.tfstate out of version control, restrict their file permissions, review Terraform plan output, avoid --yes in production, and verify any IPv6 security-group rules manually after migration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (34)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill declares no permissions, yet its documented workflow clearly requires shell execution, reading credential/config files, and writing generated artifacts such as YAML, tfvars, and Terraform state. This mismatch is dangerous because it hides the skill's real capabilities from any permission-gating or review process, increasing the chance that a user or platform authorizes actions without understanding that the skill can access secrets and modify local infrastructure files.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The `config auto` flow presents `account.yaml` as the place for sensitive credentials, but then persists the generated config object to `tc-migrate.yaml` and explicitly states that secrets are stored there as well. This creates a misleading security boundary: operators may treat `tc-migrate.yaml` as non-sensitive and commit, share, or back it up more broadly, causing credential disclosure.

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The plugin intentionally filters out pure IPv6 security-group rules during config generation and tfvars rendering, which can silently weaken or change the migrated network policy relative to the source environment. In a migration tool, dropping access-control rules without an explicit opt-in, warning, or per-resource compatibility handling creates a security-relevant mismatch that may expose services or break intended segmentation.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README instructs users to create an account credential file, fill in source and destination cloud access keys, and then run automated migration commands, but it does not warn about secure secret handling, least-privilege credential scope, or the fact that Terraform-backed migration can create, modify, or disrupt production infrastructure. In a cross-account cloud migration tool, this omission materially increases the chance of credential leakage or accidental destructive changes by operators following the quick-start blindly.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The document explicitly shows `SecretId` and `SecretKey` stored in `account.yaml` and later propagated into generated configuration, but it does not warn users that these are long-lived cloud credentials that should not be stored in plaintext without strict controls. In a migration tool that operates across two Tencent Cloud accounts, compromise of this file could expose broad read/write access and enable unauthorized resource discovery, creation, or destruction.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The workflow states that `terraform.tfvars`, `tfplan`, and `terraform.tfstate` are generated while earlier examples show plaintext secrets being merged into Terraform inputs. Terraform state and variable files commonly contain provider credentials, resource metadata, and network topology; leaving this undocumented and unprotected materially increases the chance of credential leakage and full environment compromise.

Missing User Warnings

High

Confidence: 87% confidence
Finding: The document advertises `tc-migrate destroy` as a simple scenario command without any warning that it is destructive, may remove all migrated networking and compute resources, and could cause outage or data loss. Even though this is documentation rather than executable code, normalizing a dangerous command without caution increases the likelihood of operator error in production environments.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The document includes a concrete credential file layout and example secret fields (`secret_id`, `secret_key`) but does not explicitly warn users to protect, avoid committing, or securely store these files. In a migration skill that operates across two cloud accounts and writes Terraform state and tfvars locally, this omission increases the chance that real credentials will be stored insecurely, leaked via version control, or exposed through shared working directories.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: `auto_discover()` returns a configuration dictionary containing raw `secret_id` and `secret_key` for both accounts. In a migration tool, that config is likely to be serialized to YAML/JSON, logged, cached, or passed between components, which materially increases the risk of credential disclosure and subsequent compromise of Tencent Cloud accounts.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The command automatically writes configuration after assembling live cloud credentials and provides no pre-save warning, confirmation, or safe default to exclude secrets. In a migration tool handling privileged Tencent Cloud accounts, silently duplicating credentials into `tc-migrate.yaml` materially increases the chance of source/target account compromise through accidental repository commits, artifact retention, or operator sharing.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The command automatically persists newly discovered UIN values back into the configuration file as soon as they are queried, without requiring explicit user confirmation for this write. In a migration tool that handles account credentials and account metadata, silent modification of local config can surprise users, alter tracked files, or store sensitive account identifiers in places they did not intend.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The module allows terraform apply and destroy to run with -auto-approve, enabling immediate infrastructure creation, modification, or deletion without an interactive confirmation barrier in this layer. In a cross-account cloud migration tool, that materially increases the risk of accidental or unauthorized destructive changes if upstream validation or user intent checks are weak.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The code renders cloud account secret IDs and secret keys directly into a terraform.tfvars file and writes it to disk. This creates plaintext credential exposure risk through local filesystem access, backups, accidental commits, artifact collection, or CI/CD workspace leakage; in a cross-account migration tool, those credentials can grant broad control over both source and destination cloud environments.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The generated YAML embeds both accounts' SecretId and SecretKey in plaintext, creating a durable credential artifact on disk. In a migration tool handling cross-account cloud infrastructure, compromise of this file could enable unauthorized access to source and destination environments, making the context especially sensitive.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The tool accepts cloud API credentials directly via command-line arguments, which can expose secrets through shell history, process listings, audit logs, and CI job metadata. In this skill's context, the credentials belong to two Tencent Cloud accounts involved in cross-account migration, so exposure could enable unauthorized access to sensitive infrastructure in both source and target environments.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The script accepts Tencent Cloud SecretId and SecretKey directly as command-line arguments, which can expose credentials through shell history, process listings, audit logs, and CI/job metadata. In a cloud migration tool, these credentials are highly privileged and could enable unauthorized access to inventory or modify infrastructure if leaked.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The wizard directly prompts for SecretId and SecretKey, then uses them to perform an automatic remote UIN lookup without clearly warning the user that credentials will be transmitted to an API call. In a migration tool handling cross-account cloud resources, this increases the chance of inadvertent secret disclosure or unsafe credential handling, especially if users assume the step is purely local or if errors/logging expose sensitive data.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # tc-migrate 依赖 # 安装: pip install -r requirements.txt click>=8.1.0 pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0
Confidence: 91% confidence
Finding: click>=8.1.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 安装: pip install -r requirements.txt click>=8.1.0 pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0 jinja2>=3.1.0
Confidence: 97% confidence
Finding: pyyaml>=6.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: click>=8.1.0 pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0 jinja2>=3.1.0 tencentcloud-sdk-python>=3.0.0
Confidence: 89% confidence
Finding: rich>=13.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: click>=8.1.0 pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0 jinja2>=3.1.0 tencentcloud-sdk-python>=3.0.0
Confidence: 95% confidence
Finding: pydantic>=2.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0 jinja2>=3.1.0 tencentcloud-sdk-python>=3.0.0
Confidence: 97% confidence
Finding: jinja2>=3.1.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: rich>=13.0.0 pydantic>=2.0.0 jinja2>=3.1.0 tencentcloud-sdk-python>=3.0.0
Confidence: 90% confidence
Finding: tencentcloud-sdk-python>=3.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: click>=8.1.0 pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0
Confidence: 92% confidence
Finding: click>=8.1.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: click>=8.1.0 pyyaml>=6.0 rich>=13.0.0 pydantic>=2.0.0 jinja2>=3.1.0
Confidence: 97% confidence
Finding: pyyaml>=6.0

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal