ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

txcloud-diagnostics

v1.0.0

用于腾讯云云产品异常诊断。当用户反馈腾讯云相关的任何异常、产品/实例不可用等情况时,根据反馈的实例和异常信息,自动拉取监控等数据进行分析诊断,输出原因和建议。

0· 65·0 current·0 all-time
bycareyzhang@crueluncle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and scripts clearly depend on the tccli CLI and on the ability to call Tencent Cloud TAT APIs, but the skill metadata declares no required binaries or credentials. A diagnostic skill legitimately needs tccli and valid Tencent Cloud credentials; those should be declared. The omission is an incoherence between claimed requirements and actual capabilities.
!
Instruction Scope
Runtime instructions direct the agent to run prefetch.py / diagnose.py and to start a background tccli_auth_daemon that writes/reads files under /tmp and interacts with an interactive tccli auth flow. The SKILL.md explicitly instructs suppressing intermediate output and to ask the user to paste a base64-style auth code which will be written verbatim to /tmp and fed into the tccli process. The skill also permits performing OS-level diagnostics via TAT (remote command execution). Although the SKILL.md prescribes a whitelist of 'read-only' commands, this is enforced by instructions, not by the code: exec_tat accepts arbitrary commands and will submit whatever the caller passes to TAT.
Install Mechanism
No install spec is present (instruction + scripts only), so nothing is downloaded or auto-installed by the registry package. That lowers supply-chain risk compared to remote downloads or package installs.
!
Credentials
The skill requests no declared credentials/env vars, yet it requires valid Tencent Cloud credentials (obtained via tccli auth) and relies on tccli being present on PATH. It also writes user-supplied auth tokens into /tmp files and runs a background auth daemon. The ability to run TAT remote commands implies the skill will use credentials with permissions to execute commands on instances — this level of access should be declared and minimized.
Persistence & Privilege
always:false (good). The skill suggests launching a background tccli_auth_daemon (nohup) for up to 10 minutes and writes logs to /tmp; it does not request permanent installation or modify other skills. However, because the agent can invoke the skill autonomously and the scripts can call TAT to run commands on instances, there's an elevated operational risk if invoked without strict human review.
What to consider before installing
Key things to consider before installing: - The package did not declare required binaries or credentials, but the scripts require the tccli CLI and valid Tencent Cloud credentials (used to call monitor, tat, and other APIs). Make sure tccli is installed and be aware this skill will prompt you to authenticate. - The auth flow starts a background daemon that writes/reads files under /tmp and asks the user to paste the interactive auth code; that code will be written verbatim to /tmp and submitted to tccli. Only proceed if you trust the skill and are comfortable running such a flow locally. - The skill can perform TAT remote execution on your instances. Although the documentation lists a read-only command whitelist, the code will accept and forward arbitrary commands provided at runtime — this is a powerful capability. Only run this skill with credentials scoped to read-only/diagnostic operations, or require manual review before executing any TAT command. - The SKILL.md instructs the agent to suppress intermediate errors and internal tccli output; this can hide failures or unexpected behavior. Prefer to run the scripts manually first to observe outputs and logs (/tmp/tccli_daemon.log, /tmp/tccli_auth_link.txt) before enabling automated/agent invocation. Recommended actions: 1. Do not enable autonomous invocation unless you trust the skill fully. Limit to user-invoked only. 2. Inspect and run the scripts in a safe/test account or sandbox before using on production credentials or instances. 3. Restrict credentials used by this skill (least privilege): monitoring + describe permissions, and avoid granting broad TAT/instance-control permissions unless necessary. 4. Ask the author to update metadata to declare tccli as a required binary and to document required IAM scopes; request code changes to enforce a command whitelist for TAT at runtime rather than relying solely on documentation. If you want, I can produce a concise checklist or suggested minimal IAM policy that would be appropriate for safely running this diagnostic skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk975mjyqer1v9fp684351xnsqs83x9z5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments