Tencent Cloud Infra

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate but very powerful Tencent Cloud administration skill that should be reviewed carefully because it can store cloud OAuth credentials and run root-level commands that modify or wipe cloud resources.

Install only if you want a broad Tencent Cloud administration assistant. Use a least-privilege Tencent Cloud account, confirm every paid or destructive action, verify instance/disk/region IDs before running commands, and remove or revoke saved tccli credentials when finished.

Static analysis

Destructive delete command

Warn

Finding

Documentation contains a destructive delete command without an explicit confirmation gate.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any process that can use the saved tccli profile may be able to act on the user's Tencent Cloud account, potentially changing resources or causing costs.

Why it was flagged

The helper invites the user to provide the OAuth verification code to the AI assistant, then stores Tencent Cloud secret material and OAuth refresh material in the default tccli credential profile.

Skill content

print("或发送给 AI 助手,让它帮你完成登录。") ... "refreshToken": token["refreshToken"] ... with open(cred_path, "w") as cred_file:

Recommendation

Use a least-privilege Tencent Cloud sub-account/profile, avoid sharing OAuth codes unless necessary, inspect and protect ~/.tccli credentials, and revoke or remove credentials after the task.

What this means

If the wrong instance or disk is selected, this can destroy data or leave a server unable to boot or mount storage correctly.

Why it was flagged

The documented workflow uses Tencent Cloud TAT to run root shell commands that partition and format a disk and change boot-time mount configuration.

Skill content

tccli tat RunCommand ... --Username "root" ... parted -s ${DISK} mklabel gpt ... mkfs.ext4 ${DISK}1 ... echo "UUID=${UUID} ${MOUNT_POINT} ext4 defaults 0 2" >> /etc/fstab

Recommendation

Require explicit confirmation of region, instance ID, disk ID/device path, mount point, and backups before running these commands; prefer dry-run/read-only checks where available.

What this means

A deployment could change the target server's runtime environment or remove an existing Go installation.

Why it was flagged

The deployment guide includes remote installer execution and a destructive replacement of an existing Go installation. This fits the deployment purpose, but it executes external code and modifies privileged paths.

Skill content

curl -fsSL https://get.docker.com | sh ... rm -rf /usr/local/go && tar -C /usr/local -xzf /tmp/go.tar.gz

Recommendation

Review installer sources, pin versions where possible, and confirm before executing commands that pipe scripts to a shell or delete existing software directories.

What this means

Future package changes could affect behavior or introduce dependency risk.

Why it was flagged

The skill relies on installing the tccli package without a pinned version. That is normal for a cloud CLI integration, but the exact reviewed dependency version is not fixed.

Skill content

"kind": "pip", "package": "tccli", "bins": ["tccli"], "label": "Install TCCLI"

Recommendation

Install tccli from the official trusted source, consider pinning a known-good version, and review package updates before use in sensitive environments.