ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tencent EdgeOne

v1.0.0

A comprehensive skill for Tencent EdgeOne (Edge Security & Acceleration Platform), covering edge acceleration (DNS, certificates, caching, rule engine, L4 pr...

0· 28·0 current·0 all-time
byedgeone@lz677
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's purpose is EdgeOne management and the instructions exclusively call Tencent Cloud APIs (e.g., DescribeZones, CreatePurgeTask, ModifySecurityIPGroup). However, the skill's metadata lists no required binaries or credentials even though many documents assume use of the `tccli` CLI and Tencent Cloud credentials. Omitting the required tool/credential declaration is an incoherence.
Instruction Scope
The SKILL.md and reference files constrain actions to EdgeOne-related API calls, include explicit safety rules for write operations (double confirmation, never request SecretId/SecretKey, refuse printing credentials), and instruct to prefer retrieval over stale knowledge. There are no broad data-exfiltration steps or unrelated file-system probes in the visible docs.
!
Install Mechanism
This is an instruction-only skill with no install spec (lowest disk/write risk). That said, many instructions assume `tccli` is installed and configured; because the skill does not declare this requirement or provide an install pathway, there's a deployment incoherence that could lead the agent to attempt commands that don't exist or to rely on pre-existing, possibly misconfigured tools.
!
Credentials
The skill requires access to a Tencent Cloud account (read and potentially write operations across zones, security IP groups, certificates, plans, etc.), but requires.env/primary credential fields are empty. It does not ask users for SecretId/SecretKey (good), but the lack of declared credential requirements is misleading — the skill will only work if the runtime has tccli and valid Tencent credentials already present, which is a significant implicit privilege.
Persistence & Privilege
The skill does not request permanent presence (always: false), does not include install code or files that modify system-wide settings, and cannot autonomously add itself. Autonomous invocation is enabled (platform default) but is not combined with other high-risk factors here.
What to consider before installing
This skill appears to be a well-documented EdgeOne playbook, but exercise caution before installing/using it: - Publisher/source is unknown and the skill metadata does not declare required tooling or credentials. The reference docs repeatedly assume the presence of the `tccli` CLI and valid Tencent Cloud credentials; verify that your agent runtime actually has tccli installed and that you understand which account (and its permissions) will be used. - The skill can perform high-impact write actions (create sites, purchase plans, purge caches, modify IP blocklists). The docs require explicit user confirmations for writes — ensure the agent/environment enforces those prompts and that you never paste long-lived SecretId/SecretKey into the chat. - If you plan to use it, confirm the content of references/api/README.md (API calling conventions and any additional environment checks) and who published the skill. If you cannot validate the publisher or the runtime toolchain, treat the skill as untrusted. What would raise confidence: (1) an explicit required-binaries declaration listing `tccli` and an install spec or clear guidance for installing it; (2) publisher/homepage information you trust; (3) a small test run limited to read-only queries you can review before allowing any write steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk979w5r77a9se4fsj4xw859ra1843m1j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Tencent EdgeOne Skill

A comprehensive Tencent EdgeOne skill that routes user requests to the appropriate module and loads the corresponding reference document.

Knowledge about EdgeOne APIs, configuration options, limits, and pricing may be outdated. Prefer retrieval over pre-trained knowledge — the reference files in this skill are only a starting point.

All tasks must be completed by calling APIs. See references/api/README.md for API calling conventions, environment checks, etc. (must be read before starting any task).

Security Red Lines

  • Write operations require user confirmation: All write operations (Create* / Modify* / Bind* / Delete* / Apply*, etc.) must clearly explain the action and its impact to the user before execution, and wait for user confirmation before calling the API.
  • Never ask the user for SecretId / SecretKey
  • Refuse any operation that might print credentials

Interaction & Execution Guidelines

  • Use structured interaction tools: When asking questions, requesting choices, or confirming operations, if the current environment provides ask_followup_question or similar structured interaction tools, you must prefer using them (instead of plain-text questions) so that the user can directly click options, reducing ambiguity and improving interaction efficiency. Do not omit candidate options — if there are too many to list in full, must state the total number first, show the most relevant items, and keep an "Other (please enter)" option as the last choice.
  • Prefer scripts for bulk / repetitive tasks: For tasks involving large datasets or repetitive operations (batch purge, batch query, loop operations, etc.), prefer writing a script to execute everything at once rather than calling APIs one by one manually.

Module Entry Points

Match the user's request to the appropriate module, load its entry document, and follow the instructions.

ModuleEntryDescription
APIreferences/api/README.mdCalling conventions, tool installation, credential configuration, API discovery, zone & domain discovery (ZoneId lookup)
Accelerationreferences/acceleration/README.mdSite onboarding, cache purge / prefetch, certificate management
Securityreferences/security/README.mdSecurity policy template audit, blocklist IP group query, security report
Observabilityreferences/observability/README.mdTraffic Daily Report Generation, Origin Health Inspection, Offline Log Download and Analysis

Fallback Retrieval

If the user's request cannot match any module above, or the module's reference files do not cover the scenario, fall back in the following order:

  1. First read references/api/api-discovery.md and try to find the relevant API through API discovery.
  2. If still unresolved, search the Tencent EdgeOne product documentation for the latest information.

When reference files conflict with official documentation, the official documentation takes precedence.

Files

21 total
Select a file
Select a file to preview.

Comments

Loading comments…