ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

腾讯云APM性能分析skill

v1.0.0

APM 性能分析工具,通过 MCP 桥接连接腾讯云 APM Server,提供业务系统查询、实例详情、性能指标分析、调用链追踪、火焰图查看等能力。Trigger when user mentions APM, 性能分析, application performance, 业务系统, APM 实例, 调用链, 火焰...

0· 48·0 current·0 all-time
by@doycc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Tencent Cloud APM via MCP) match the code and instructions: the skill loads credentials from .env and sends them as HTTP headers to an MCP SSE server, discovers tools and calls them. Requiring SecretId/SecretKey is coherent with that purpose. Incoherence: the registry metadata declares no required env vars or primary credential, but SKILL.md and code clearly require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY. This mismatch between declared registry requirements and actual runtime requirements is surprising and worth attention.
!
Instruction Scope
Runtime instructions tell the agent/operator to create a local virtual environment, run provided scripts, load .env, and transmit credentials in HTTP headers to the MCP server. The SKILL.md also contains strong '禁令' (forbidding creation of temporary files/scripts and forbidding use of external scripts for processing MCP results), while the bundle includes scripts that create a .apm-venv, generate requirements.txt, and write logs — this is a contradictory guidance set. The agent is instructed to prompt the user to configure .env when credentials are missing; care is required to avoid asking users to paste secrets into chat (the skill forbids echoing them).
Install Mechanism
There is no platform install spec (instruction-only), which is lower-risk, but the included venv_manager.py will create a local virtualenv and use pip to install third-party packages ('mcp', 'httpx'). Those installs will fetch code from PyPI or configured indexes at runtime. No arbitrary URL downloads or archive extractions are present. The included code itself performs filesystem writes (venv, logs, requirements file) when run.
!
Credentials
The skill legitimately requires Tencent credentials (TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY and optional region). That scope is proportionate to a bridge that must authenticate to an MCP server. However, the skill package/registry did not declare these required env vars in the metadata, creating an integrity gap. Also, the skill transmits these credentials as HTTP headers to the configured MCP server (default: https://mcp.tcop.woa.com/apm-console/sse) — this is expected but high-sensitivity behavior that requires the user to trust the remote endpoint.
Persistence & Privilege
The skill does not request elevated platform privileges or 'always: true'. Its runtime behavior creates a local virtualenv (.apm-venv) and log files (./logs/apm_error.log) in the working directory; these are confined to the user's workspace and are normal for such tooling. It does not modify other skills or global agent configuration.
What to consider before installing
What to check before installing/using this skill: - Credentials: The skill requires your Tencent SecretId/SecretKey and will send them as HTTP headers to the MCP server (default host: mcp.tcop.woa.com). Only provide real credentials if you trust that MCP endpoint. Prefer creating a least-privilege API key for this use and rotate/delete it after testing. - Metadata mismatch: The registry metadata did not declare required env vars, but SKILL.md and code require TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY. Treat that as a red flag and verify expectations with the publisher. - Filesystem effects: Running the included scripts will create a local virtual environment (.apm-venv), install packages (mcp, httpx), generate requirements.txt, and write logs under ./logs. Run in an isolated project directory or disposable VM/container if you want to limit impact. - Secrets handling: The skill claims logs and outputs avoid recording secrets and enforces chmod 600, but you should still inspect .env handling and avoid pasting secrets into chat. Use the .env file as instructed and ensure it is added to .gitignore. - Conflicting rules: SKILL.md forbids creating temporary scripts for data parsing while the bundle contains scripts that do create files (venv and logs). Clarify with the author whether interactive mobile usage will ever create files on the host and whether the provided scripts are intended for local/manual use only. - Code review: If you plan to use it, review the included Python files (mcp_client.py and venv_manager.py) yourself for any hidden endpoints or unexpected behavior, and run them in an isolated environment first. If you are uncertain or cannot verify the MCP server/publisher, do not provide production-level credentials. Instead, test with limited/temporary credentials in a throwaway environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxc3pz6zzxbbga1y6bw2gtn84d2vj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments