Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
云迁移CMG
v1.0.0腾讯云迁移平台(CMG/MSP)全流程能力。触发词:资源扫描、扫描阿里云/AWS/华为云/GCP资源、生成云资源清单、选型推荐、对标腾讯云、推荐规格、帮我推荐、给我推荐、ECS对应什么腾讯云产品、成本分析、TCO、迁移报价、询价、价格计算器、cmg-scan、cmg-recommend、cmg-tco
⭐ 1· 59·0 current·0 all-time
byAutoClaw@llm-pm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Functionality (scan → recommend → TCO) aligns with the name/description. Requiring cloud account credentials for scanning/pricing is expected. However the skill auto-configures a remote MCP server (mcporter) using a hard-coded default address (http://61.151.231.241) and directs downloads from a COS URL (msp-release-1258344699.cos.ap-shanghai.myqcloud.com). Those external endpoints are not documented in the description/homepage and feel disproportionate unless the operator of those hosts is trusted by the user.
Instruction Scope
SKILL.md and scripts instruct the agent/user to: download and run precompiled scanners from a COS bucket, run tco_pricing.py which accepts AK/SK and will call cloud provider APIs, and install/configure mcporter to point to an external MCP Server. The setup flow auto-uses the default server URL without prompting. The recommendation flow sends resource/specification data to the remote MCP Server (via mcporter), which can include sensitive inventory — this is beyond the skill description's explicit scope and could leak data if the remote endpoint is untrusted.
Install Mechanism
No formal install spec in registry, but runtime instructions perform network installs: npm -g mcporter and downloading precompiled scanner binaries from a Tencent COS bucket URL. Installing a global npm package and executing opaque binaries from a cloud object store are moderate-to-high risk unless you verify package/binary provenance and integrity (checksums/signing). The MCP server default is a raw IP (61.151.231.241), which is a red flag for an unvetted remote endpoint.
Credentials
The skill legitimately needs cloud credentials/keys to scan provider APIs and to run pricing queries; scripts and docs instruct the user to provide SecretId/SecretKey or AK/SK. The registry metadata declares no required env vars, so credentials are provided at runtime (config.yaml / CLI args). This is proportionate for the function, but the instructions also configure a remote MCP server that will receive resource/spec data — you should confirm whether any credentials or sensitive inventory are ever forwarded to that remote server.
Persistence & Privilege
The skill does not request always:true. It will install mcporter globally (npm) and write mcporter config to ~/.mcporter/mcporter.json (persisting a remote server entry). Writing this tool-specific config and installing a global binary are expected for mcporter-based integration, but the script's automatic configuration (without prompting) and default remote server are concerning because they create a persistent connection to an external service.
What to consider before installing
Before installing or running this skill: 1) Treat the default MCP server (http://61.151.231.241) and the COS download host as untrusted until you verify their operators — do not allow automatic --setup to use the default server; specify a vetted internal/official MCP Server or skip that step. 2) Inspect the mcporter npm package source and the precompiled scanner binaries (verify checksums/signatures) before installing/executing. 3) Understand what data will be sent to the remote MCP Server (resource IDs, config, pricing queries) and avoid sending credentials to unknown endpoints. 4) Run scanner binaries and any installation steps in an isolated environment (VM/container) if you must test. 5) If you provide cloud credentials for scanning/pricing, use least-privilege keys, prefer read-only scopes, and rotate keys after use. 6) Ask the publisher/operator for provenance (who runs 61.151.231.241 and the COS bucket), checksums for binaries, and an option to run recommendation logic entirely locally — getting those answers would increase confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk97awjk86424x23drsfdh65td183p0es
License
MIT-0
Free to use, modify, and redistribute. No attribution required.