Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tencent COS Uploader
v0.1.0
Uses the Tencent Cloud COS Python SDK to upload a specified local file to a target Bucket and generates presigned access links that can be used to view and download it. Use this skill when the user mentions COS, object storage, Bucket, uploading files, temporary share links, signed URLs, or direct download links.
by hoyt @hoyt-tian
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included script: it uploads a local file to Tencent COS and generates presigned view/download links. However, the registry metadata declares no required environment variables or primary credential while both SKILL.md and the script require COS credentials (COS_SECRET_ID, COS_SECRET_KEY, COS_REGION, COS_BUCKET, optional COS_SESSION_TOKEN). That metadata omission is an inconsistency.
Instruction Scope
SKILL.md instructions are narrowly scoped to installing the Tencent COS SDK, supplying COS credentials (CLI args or env), and running the included script to upload a file and return URLs. The script only reads the specified local file, reports its size, uploads it to COS, and prints JSON output. It does not reference unrelated files, system paths, or external endpoints beyond the COS SDK's network calls.
Install Mechanism
There is no automated install spec (instruction-only install). The README asks the user to pip install cos-python-sdk-v5; no custom downloads or archive extraction are performed by the skill itself. This is low-risk from an install mechanism perspective.
Credentials
The script legitimately needs sensitive credentials (SecretId/SecretKey and optionally STS token) to authenticate to Tencent COS — this is expected for the stated purpose. The concern is that the skill's registry metadata does not declare these required env vars or a primary credential, which is disproportionate to how the skill is presented in metadata and could hide required secrets from users or automated consent checks.
Persistence & Privilege
The skill does not request persistent system presence (always: false). It does not modify other skill or system configuration. Autonomous invocation is allowed (default) but this is normal and not combined with other alarming privileges.
What to consider before installing
This skill appears to do exactly what it says: upload a local file to Tencent COS and return presigned view/download URLs. Before installing or running it, note that you will need to provide Tencent COS credentials (COS_SECRET_ID and COS_SECRET_KEY, plus COS_REGION and COS_BUCKET or CLI args). The registry metadata does not list these env vars — verify you are comfortable supplying those secrets and prefer using a temporary STS token (COS_SESSION_TOKEN) and least-privilege credentials. Run the script in a controlled environment (not on a machine with unrelated secrets), confirm the target bucket is correct, keep presigned URL expiry short, and inspect the printed JSON (upload_result) for any unexpected behavior. If you plan to allow an agent to call this skill, ensure the agent is only granted the specific COS credentials necessary and not broader account credentials. If you want higher assurance, request that the publisher update the registry metadata to declare required env vars and primary credential so permission reviewers can see the need for secrets up front.