cos-vectors-skill

ReviewAudited by ClawScan on May 18, 2026.

Overview

The skill matches its Tencent COS vector-management purpose, but it uses powerful cloud credentials and defaults provider calls to unencrypted HTTP, so it should be reviewed before use.

Install only if you trust the publisher and need Tencent COS vector-bucket administration. Before use, force HTTPS, use a least-privilege Tencent Cloud subaccount key, avoid passing secrets on the command line, and require explicit confirmation before delete or bucket-policy operations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI03: Identity and Privilege Abuse

What this means

Cloud requests, vector data, bucket names, policies, and authorization material could be exposed to network observers if the default HTTP setting is used.

Why it was flagged

The code uses Tencent Cloud SecretId/SecretKey for COS vector operations while defaulting the SDK transport scheme to HTTP instead of HTTPS.

Skill content

parser.add_argument("--scheme", default="http", choices=["http", "https"], ...)
...
CosConfig(... SecretId=args.secret_id, SecretKey=args.secret_key, Scheme=args.scheme, Endpoint=endpoint, ...)

Recommendation

Change the default to HTTPS, remove HTTP unless explicitly needed, and use least-privilege Tencent Cloud subaccount keys.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

A mistaken or overly broad agent action could delete COS vector resources or change who can access them.

Why it was flagged

The skill explicitly exposes destructive and permission-changing cloud operations, including bucket deletion, index/vector deletion, and bucket policy changes.

Skill content

| **向量桶管理** | 创建向量桶 | `create_vector_bucket.py` |
| | 删除向量桶 | `delete_vector_bucket.py` |
...
| **桶策略管理** | 设置桶策略 | `put_vector_bucket_policy.py` |
...
| **向量数据操作** | 删除向量 | `delete_vectors.py` |

Recommendation

Use this skill only with explicit user approval for delete and policy operations, keep backups where possible, and restrict credentials to the minimum COS permissions needed.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Future SDK changes could alter behavior or introduce dependency risk, even though the dependency is purpose-aligned.

Why it was flagged

The documented setup installs or upgrades an external SDK without a pinned version or lockfile.

Skill content

pip3 install cos-python-sdk-v5 --upgrade

Recommendation

Pin a known-good SDK version and install from trusted package indexes or an approved internal mirror.