ClawHub
Back to skill
v0.1.0

Tencent Cloud Log Service

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:21 AM.

Analysis

This skill is a coherent Tencent Cloud log-query helper, but users should notice it relies on a third-party CLI and Tencent Cloud API credentials to read potentially sensitive logs.

GuidanceBefore installing, verify the clscli Homebrew tap, use a dedicated least-privilege Tencent Cloud key for CLS read access, and limit log queries to the topics and time ranges you actually need.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
brew tap dbwang0130/clscli
brew install dbwang0130/clscli/clscli

The setup instructions install an external CLI from a Homebrew tap. This is central to the skill's purpose, but the registry has no install spec or pinned provenance information.

User impactInstalling the CLI gives locally installed software access to the environment where Tencent Cloud credentials may be set.
RecommendationVerify the Homebrew tap and CLI source before installation, and keep the installed CLI updated from a trusted source.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
env": ["TENCENTCLOUD_SECRET_ID", "TENCENTCLOUD_SECRET_KEY"]

The skill requires Tencent Cloud API credentials to access CLS. This is purpose-aligned, but those credentials may carry broader cloud permissions if the user supplies an over-privileged key.

User impactThe skill can access Tencent Cloud log data using the credentials available in the environment.
RecommendationUse a dedicated Tencent Cloud credential with the minimum CLS read permissions needed, and avoid using broad administrator keys.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceMediumStatusNote
SKILL.md
Query and analyze Tencent Cloud CLS logs.

The skill brings retrieved log content into the agent's context for analysis. Logs may contain sensitive data or attacker-controlled text, so they should be treated as data rather than instructions.

User impactSensitive or misleading log entries could be exposed to the agent during troubleshooting or analysis.
RecommendationReview queries before running them, limit time ranges and topics where possible, and do not treat log text as trusted instructions.