
Security audit

Tencent Cloud Management Tool

Security checks across malware telemetry and agentic risk

Overview

This Tencent Cloud management skill is purpose-aligned, but it asks users to pass cloud login token material through the agent and includes several high-impact cloud and credential-handling workflows that lack scoping, warnings, or confirmation gates.

Install it only if you intend to let an agent manage Tencent Cloud resources. Treat OAuth login codes and ~/.tccli credential files as secrets, prefer least-privilege temporary credentials over long-lived keys, never paste login codes into chat, do not run helper scripts that are missing from the package unless you have reviewed them, and require an explicit confirmation before every paid, destructive, DNS, disk-formatting, or root remote command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The script explicitly instructs users to send the OAuth verification code to an AI assistant. That code is not a harmless OTP; it base64-decodes into token material used to obtain temporary cloud credentials, so sharing it expands the trust boundary from the local user workflow to a third party and can enable account access.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
Broad trigger phrases such as everyday account or server-help language can cause the skill to activate unexpectedly in conversations that did not intend cloud credential or resource operations. In this skill, accidental activation is more concerning because the skill can lead into authentication, credential checks, and potentially destructive cloud-management actions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The document instructs users to export Tencent Cloud secrets directly into shell environment variables without any warning about shell history exposure, process/environment leakage, shared-session risk, or the need for least-privilege credentials. In an agent skill that may be followed verbatim, this can cause long-lived cloud API credentials to be exposed to other local users, logs, crash reports, or downstream commands.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill defines SSH and SCP helpers using sshpass with a plaintext password and disables host key verification via StrictHostKeyChecking=no. This exposes credentials in shell history and process listings while also making man-in-the-middle attacks easier because the remote host is not authenticated.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
Embedding a Personal Access Token directly in the git clone URL can leak the token through shell history, process arguments, terminal logs, proxy logs, and CI transcripts. Because the token may grant source-code or broader account access, exposure can lead to repository compromise or further credential abuse.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The guide includes a workflow to retrieve the BT panel's initial password via TAT and then decode and print the command output in cleartext, but it does not warn that this exposes a high-value administrative credential. In an agent skill context, such output may be logged, echoed back to the user, stored in transcripts, or exposed to other tools, increasing the chance of credential leakage and unauthorized server administration.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The helper persists credential data to disk, including OAuth accessToken and refreshToken under the nested oauth object, without setting restrictive file permissions or warning the user that long-lived secrets are being stored locally. On multi-user systems or misconfigured environments, this increases the chance of credential disclosure and subsequent cloud account compromise.
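The three storage findings above (~/.tccli credential files treated casually, secrets exported into shell variables, OAuth tokens persisted to disk with default permissions) reduce to one check a practitioner can run before any credential is loaded: is the file a regular file, owned by me, and mode 0600, and can I get the values into a process environment without typing them at a prompt. The following is an added example written for this audit page; it is not code from the skill, from tccli, or from SkillSpector. It assumes a POSIX host and a KEY=VALUE (or `export KEY=VALUE`) text file carrying the TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY names; that file layout is an assumption, since tccli's own on-disk format is not shown on this page, and the sample file is constructed with placeholder values.

```python
"""Storage and loading checks for a local Tencent Cloud credential file.

Added example for this audit page; not code from the audited skill or tccli.
Assumptions (not from the page): POSIX mode bits and getuid(), and a
KEY=VALUE / `export KEY=VALUE` text file holding TENCENTCLOUD_SECRET_ID and
TENCENTCLOUD_SECRET_KEY. The demo file below is constructed, not real.
"""
import os
import stat
import subprocess
import tempfile


def check_secret_file(path):
    """Return the list of storage problems for a secret file (empty list = OK).

    OK means: exists, is a regular file (not a symlink), is owned by the
    calling user, and has no group/other permission bits (0600 or 0400).
    """
    problems = []
    try:
        st = os.lstat(path)  # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    elif not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.getuid():
        problems.append("not owned by current user")
    if st.st_mode & 0o077:
        problems.append("readable or writable by group/other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    return problems


def harden_secret_file(path):
    """Drop group/other bits, then re-check; returns the remaining problems."""
    os.chmod(path, 0o600)
    return check_secret_file(path)


def load_secrets_from_file(path):
    """Parse KEY=VALUE / export KEY=VALUE lines into a dict.

    Reading values from a 0600 file keeps them out of shell history, unlike
    typing `export TENCENTCLOUD_SECRET_KEY=...` at a prompt. Refuses any file
    that fails check_secret_file().
    """
    problems = check_secret_file(path)
    if problems:
        raise PermissionError("%s: %s" % (path, ", ".join(problems)))
    secrets = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("export "):
                line = line[len("export "):].lstrip()
            key, sep, value = line.partition("=")
            if sep and key.strip():
                secrets[key.strip()] = value.strip().strip("'\"")
    return secrets


def masked(secrets, keep=4):
    """Log-safe view: first `keep` characters of each value, the rest starred."""
    return {k: v[:keep] + "*" * max(0, len(v) - keep) for k, v in secrets.items()}


def run_with_secrets(argv, secrets):
    """Run a command (for example a tccli invocation) with the secrets in its
    environment only, so they appear in neither argv nor shell history."""
    env = dict(os.environ)
    env.update(secrets)
    return subprocess.run(argv, env=env, check=False)


def make_demo_credential_file(mode=0o644):
    """Write a CONSTRUCTED credential file with placeholder values into a fresh
    temp directory (demo/test helper only) and set the requested mode."""
    directory = tempfile.mkdtemp(prefix="tccli-demo-")
    path = os.path.join(directory, "default.credential.env")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample, not real credentials\n")
        fh.write("export TENCENTCLOUD_SECRET_ID=AKIDexample000000\n")
        fh.write("TENCENTCLOUD_SECRET_KEY='examplekey000000'\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    p = make_demo_credential_file(0o644)
    print("before:", check_secret_file(p))
    print("after: ", harden_secret_file(p))
    print("loaded:", masked(load_secrets_from_file(p)))
```

The same check applies to anything the helper writes under ~/.tccli, including the nested oauth object with its accessToken and refreshToken: run check_secret_file on it after login, and treat any non-empty result as a reason to stop before the agent continues.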

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script tells users they may send the base64 verification code to an AI assistant, but that code contains sensitive OAuth token data rather than a simple display-only challenge. This normalizes disclosure of authentication material in natural language channels and can directly lead to unauthorized access if copied into logs, chats, or external services.

Ssd 3

Severity: High
Confidence: 97%
Finding
The skill explicitly instructs the agent to ask the user to send back the full OAuth login code and then process it on the user's behalf. Even if temporary, this is an authentication secret that can be replayed or abused to obtain cloud access, and routing it through the agent unnecessarily exposes a sensitive credential to logging, retention, or compromise in the agent environment.

Ssd 3

Severity: High
Confidence: 99%
Finding
Encouraging users to provide the OAuth verification code to an AI assistant is effectively encouraging disclosure of sensitive authentication artifacts outside the trusted local login path. In a cloud-management skill context, this is especially dangerous because successful misuse can yield tokens and temporary credentials for Tencent Cloud resources.
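The findings on the OAuth login code and on the decoded BT panel password share one failure: a blob that looks like an opaque string is actually authentication material, and the agent echoes, logs, or forwards it. The check that follows is an added example written for this audit page, not code from the skill or from SkillSpector. It decodes a base64 blob, classifies what it contains, and returns a redacted form that is safe to show or log. The two sample blobs are constructed: the real layout of the skill's login code and of the TAT command output is not shown on this page, so the field names (oauth.accessToken, oauth.refreshToken, a `password:` line) are assumptions shaped after the findings' descriptions.

```python
"""Classify and redact a blob before an agent echoes, logs, or forwards it.

Added example for this audit page; not code from the audited skill. The
sample blobs are CONSTRUCTED: field names such as oauth.accessToken and the
"password:" line are assumptions, not the real tccli or TAT formats.
"""
import base64
import binascii
import json
import re

# Key names that mean "this value is authentication material".
SENSITIVE_KEY_RE = re.compile(r"token|secret|password|passwd|pwd|credential", re.I)
# "label: value" / "label = value" lines naming a password (e.g. a panel's initial password).
PASSWORD_LINE_RE = re.compile(
    r"^(?P<label>[^:=\n]*(?:password|passwd|pwd)[^:=\n]*?)\s*[:=]\s*(?P<value>\S+)",
    re.I | re.M,
)


def try_b64_decode(text):
    """Strict base64 (whitespace tolerated, missing padding restored) to UTF-8 text, else None."""
    s = "".join(text.split())
    s += "=" * (-len(s) % 4)
    try:
        return base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def sensitive_paths(obj, prefix=""):
    """Dotted paths of non-empty string values under secret-looking keys, anywhere in parsed JSON."""
    found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = "%s.%s" % (prefix, key) if prefix else str(key)
            if isinstance(value, str) and value and SENSITIVE_KEY_RE.search(str(key)):
                found.append(path)
            else:
                found.extend(sensitive_paths(value, path))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            found.extend(sensitive_paths(value, "%s[%d]" % (prefix, i)))
    return found


def redact_json(obj):
    """Copy of parsed JSON with every sensitive string value replaced."""
    if isinstance(obj, dict):
        return {k: ("<redacted>" if isinstance(v, str) and v and SENSITIVE_KEY_RE.search(str(k))
                    else redact_json(v)) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_json(v) for v in obj]
    return obj


def inspect_blob(text):
    """Return (kind, hits, safe_text).

    kind is "json-secrets" (base64 or JSON carrying token material, such as an
    OAuth login code), "password-text" (free text with password lines, such as
    decoded TAT output), or "clean". safe_text is what may be shown or logged.
    """
    decoded = try_b64_decode(text)
    candidate = decoded if decoded is not None else text
    try:
        obj = json.loads(candidate)
    except ValueError:
        obj = None
    if isinstance(obj, (dict, list)):
        hits = sensitive_paths(obj)
        if hits:
            return "json-secrets", hits, json.dumps(redact_json(obj))
    labels = [m.group("label").strip() for m in PASSWORD_LINE_RE.finditer(candidate)]
    if labels:
        safe = PASSWORD_LINE_RE.sub(lambda m: "%s: <redacted>" % m.group("label").strip(), candidate)
        return "password-text", labels, safe
    return "clean", [], text


def safe_to_forward(text):
    """Gate for an agent: only clean blobs may be echoed back, logged, or sent onward."""
    return inspect_blob(text)[0] == "clean"


# CONSTRUCTED samples shaped after the findings, with placeholder values.
DEMO_OAUTH_CODE = base64.b64encode(json.dumps({
    "openId": "user-example",
    "oauth": {"accessToken": "at-example-000", "refreshToken": "rt-example-000",
              "expiresAt": 1700000000},
}).encode()).decode()
DEMO_TAT_OUTPUT = base64.b64encode(
    b"Bt-Panel default account\nusername: admin\npassword: N0tReal-Example\n").decode()

if __name__ == "__main__":
    for blob in (DEMO_OAUTH_CODE, DEMO_TAT_OUTPUT, "please list my CVM instances"):
        print(inspect_blob(blob))
```

The gate belongs on the agent side as well as the user side: a skill that must pass a login code along should call safe_to_forward before placing it in a transcript or tool call, and should surface only the redacted form when the decoded TAT output is shown to the user.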

VirusTotal

66/66 vendors rated this skill clean.


Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Severity: Warn
Code: suspicious.destructive_delete_command
Location: references/lighthouse-app-deploy.md:257