Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
tencent-cos-ops
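v1.0.0
Tencent Cloud COS object storage operations tool for uploading, downloading, listing and deleting files in COS. Trigger scenarios: (1) the user needs to upload local files to Tencent Cloud COS object storage (2) the user needs to download files from COS to the local machine (3) the user needs to manage files in COS by month (automatically organized under a YYYY/MM/ prefix) (4) the user needs to list or delete files in COS (5) the user mentions "腾...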
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is a COS upload/download/list/delete tool and the included Python script implements those operations using the Tencent COS SDK — this is consistent with the name/description. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and script clearly require COS_SECRET_ID, COS_SECRET_KEY, COS_BUCKET (and optionally COS_REGION).
Instruction Scope
The SKILL.md instructs how to set COS env vars, run the script, and call its functions. The instructions stay within the stated scope (file upload/download/list/delete) and do not ask the agent to read unrelated system files or to contact external endpoints other than COS.
Install Mechanism
No install spec is provided. The code depends on an external package (cos-python-sdk-v5) but the skill does not include an automated install step. This is a packaging omission (user/agent must pip install the dependency); it increases friction but is not by itself malicious.
Credentials
The script legitimately requires Tencent COS credentials (SecretId/SecretKey), bucket name, and region. Those credentials are proportionate to the functionality. The problem is that the skill metadata did not declare these required environment variables/primary credential, so automated permission review or prompts may be missing or misleading.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not attempt to modify other skills or global agent configuration.
What to consider before installing
This skill appears to do exactly what it says (upload/download/list/delete files in Tencent COS). Before installing: (1) be aware you must provide COS_SECRET_ID and COS_SECRET_KEY plus COS_BUCKET (and optionally COS_REGION) — these are sensitive credentials; prefer an IAM/role or least-privilege key scoped to the target bucket. (2) The package metadata did not declare these environment variables or the Python dependency (cos-python-sdk-v5), so your agent or installer may not prompt for them automatically. (3) Review the bucket name and test with a limited-permission credential in an isolated environment. (4) If you want stricter safety, request the publisher to update metadata to declare required env vars and add an install step for the dependency so automated tooling can surface the credential request.
Like a lobster shell, security has layers — review code before you run it.
latestvk97bcqnz61hf2n7fw2g2ahv05d83z1z9
