ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AndonQ

v1.0.0

腾讯云 AndonQ 工单与智能客服助手 — 不切窗口、不排队,即刻获得腾讯云全产品线专业解答。支持工单查询(列表/详情/流水)、集团工单与需求单管理,以及腾讯云全产品线智能问答。当用户查询工单、查看工单详情、咨询腾讯云产品问题(如 CVM、轻量应用服务器、COS 等)、查询集团工单/需求单,或要求找人工客服时使用。

0· 60·0 current·0 all-time
byAutoClaw@llm-pm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description match the code: ticket queries use Tencent Cloud AK/SK TC3 signing and SmartQA uses SSE to Tencent endpoints. That is coherent. However, the registry metadata claims no required environment variables or primary credential while SKILL.md and the code explicitly require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY for ticket APIs. Additionally, the environment check calls an external CLI ('clawhub') via subprocess which is not declared as a required binary.
!
Instruction Scope
Runtime instructions direct the user to permanently write AK/SK into shell config files (~/.bashrc or ~/.zshrc or Windows user env) and to run a pre-check script that will call an external command ('clawhub inspect'). While the skill needs credentials to call signed APIs, instructing users to persist secrets into shell startup files is stronger than necessary and expands the scope of changes to the user's environment. The SKILL.md otherwise stays within ticket/query and chat behaviors and does not direct unrelated data collection or unexpected external endpoints.
Install Mechanism
There is no install spec (instruction-only + included Python scripts). No remote downloads or installers are invoked by the skill itself. The included code performs network calls to tandon.tencentcloudapi.com and andon.cloud.tencent.com/cloud.tencent.com as expected for its purpose; nothing in the install mechanism suggests arbitrary code download at install time.
!
Credentials
The skill legitimately requires Tencent Cloud AK/SK for signed ticket APIs and the SmartQA portion can run without credentials. However: (1) the registry metadata failed to declare these required credentials, creating an information mismatch; (2) the instructions demand permanently writing these sensitive credentials into shell profile files which increases the persistence and exposure of secrets. The code masks credentials when printing, and there is no code-path that exfiltrates them in the provided files, but storing secrets in startup files is a noteworthy risk and not strictly necessary for short-lived use.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or system-wide settings programmatically. However, SKILL.md explicitly instructs users to persist credentials in shell profiles, which changes the user's environment persistently. The included check_env.py states it is read-only, and none of the modules self-enable or alter other skills.
What to consider before installing
This skill appears to be a real Tencent Cloud Andon ticket + SmartQA client, but there are a few red flags you should consider before installing or using it: - Credentials disclosure: The skill needs TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY to query tickets. The SKILL.md tells you to write them permanently into your shell profile (~/.bashrc / ~/.zshrc or Windows user env). Persisting AK/SK in startup files increases exposure — prefer using ephemeral environment variables, a dedicated least-privilege key, or a short-lived credential mechanism if available. Rotate the keys after initial use. - Metadata mismatch: The registry metadata lists no required env vars while the skill and docs require AK/SK; this mismatch can be accidental but it hides important security context from users. Treat the skill as requiring sensitive credentials until proven otherwise. - Version check subprocess: The environment checker runs 'clawhub inspect <slug>' via subprocess. That call will fail harmlessly if clawhub is not installed, but it means the script assumes an external CLI may exist; review what that CLI would do in your environment before installing it. - Code review & network behavior: The Python code included is readable and shows HTTP(S) requests to Tencent endpoints (tandon.tencentcloudapi.com, andon.cloud.tencent.com, cloud.tencent.com). There is no obvious credential exfiltration in these files, but you should run the code locally or review it fully before supplying credentials. Practical steps: - If you want to proceed: create a dedicated least-privilege Tencent Cloud API key (scope-limited if possible), do not store it permanently in shell startup files — set env vars only for the session or use a secrets manager, and rotate the key afterwards. - Run check_env.py locally (it is advertised read-only) to validate behavior before invoking ticket APIs. - Inspect/grep the code locally for any unexpected outbound hosts beyond the documented Tencent hosts. - If you cannot audit the code, avoid entering long-lived credentials into persistent configs; consider running this skill in an isolated environment or container. Confidence: medium — the functionality and network targets match the advertised purpose, but the undeclared credential requirement and the instruction to persist secrets into shell startup files are disproportionate and merit caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk976xzw80x729czn72j9s3927n83qv9c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments