ClawHub

Tencent Cloud Rum

v0.1.2

Query Tencent Cloud RUM data, analyze Web performance (LCP/FCP/WebVitals), troubleshoot JS/Promise errors, analyze API latency & error rates, diagnose slow s...

0· 65·0 current·0 all-time
by@lauraytwu-create
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is explicitly for Tencent Cloud RUM and only requests a RUM_TOKEN formatted as SecretId:SecretKey. The SKILL.md, references, and setup script all target the RUM MCP endpoint and RUM APIs — requested credential and operations match the described functionality.
Instruction Scope
Runtime instructions are focused on RUM workflows (QueryRumWebMetric, QueryRumWebLog, etc.) and include a setup.sh to configure an MCP client. There are no instructions to read unrelated system files or to exfiltrate data to unexpected endpoints beyond the MCP server (https://app.rumt-zh.com/sse).
Install Mechanism
No registry install spec is declared, but setup.sh installs mcporter globally via npm (npm install -g mcporter) and uses node to write config. Installing a CLI from npm is a common approach but carries moderate risk: the package and its provenance should be inspected before running, and global npm installs modify the system environment.
Credentials
Only RUM_TOKEN is required (SecretId:SecretKey), which is appropriate for calling Tencent Cloud APIs. However, the setup script writes those credentials in plaintext to $HOME/.mcporter/mcporter.json, creating persistent local storage of secret keys — expected for a CLI but worth caution and using least-privilege/temporary keys when possible.
Persistence & Privilege
The skill does not demand always:true or elevated platform privileges, but the setup will install a global CLI and create/overwrite a $HOME/.mcporter configuration file containing the SecretId/SecretKey. This is normal for a CLI client but is a permanent change to the user's environment until removed.
Assessment
This skill appears coherent for connecting to Tencent Cloud RUM. Before installing/running setup.sh: (1) Verify the mcporter npm package and its source (npm package name and maintainer) to ensure you trust the CLI it will install. (2) Confirm the MCP endpoint domain (https://app.rumt-zh.com) is legitimate for your organization or Tencent service. (3) Prefer using least-privilege or temporary API credentials rather than long-lived root keys, because setup.sh writes SecretId and SecretKey in plaintext to $HOME/.mcporter/mcporter.json and installs a global npm package. (4) If you cannot vet the package or endpoint, run setup in an isolated environment (container/VM) or inspect/modify setup.sh to avoid global npm installs and to store credentials more securely.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5cgev1v4gmcqvpj7njynqs84fp0h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
EnvRUM_TOKEN
Primary envRUM_TOKEN

Comments