Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tencent MPS
v1.1.5腾讯云 MPS 媒体处理服务,支持以下功能:【视频转码】转码/压缩/格式转换/H.264/H.265/AV1/MP4/AVI/MKV/FLV/MOV/编码/码率/分辨率/帧率调整。【画质增强】画质增强/画质修复/老片修复/超分辨率/视频超分/画质提升/真人增强/漫剧增强/动漫超分/画面抖动/防抖/细节增强/人脸保...
⭐ 3· 995·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
Name, description, SKILL.md and included scripts all consistently implement Tencent Cloud MPS functionality (transcode, enhancement, AIGC, COS ops). However the registry metadata declares no required environment variables and no primary credential, while the scripts and SKILL.md clearly need TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY and often TENCENTCLOUD_COS_BUCKET/TENCENTCLOUD_COS_REGION. That mismatch between declared requirements and actual code is an incoherence that should be resolved before trusting the skill.
Instruction Scope
SKILL.md enforces behavior (only emit python commands, require TaskId reporting, format links as Markdown) and instructs environment setup paths (/etc/environment, ~/.profile, etc.). Critically, SKILL.md suggests users may 'directly send variable values in the conversation, by AI help configure' and the scripts attempt to auto-load environment files. Those instructions encourage secret disclosure and allow the skill to read system environment files — beyond what a benign helper should ask a user to paste into chat.
Install Mechanism
There is no remote download or install spec; the package is delivered as local Python scripts. The scripts declare Python dependencies installed via pip (tencentcloud-sdk-python, cos-python-sdk-v5), which is a normal mechanism. No arbitrary external archives or URL-based installers were found in the provided manifest.
Credentials
The skill requires high-sensitivity credentials (Tencent Cloud SecretId/SecretKey) and COS configuration for many operations, plus optional region/bucket vars. Those secrets are essential for the skill's functionality, but they are not declared in the registry metadata and the SKILL.md gives instructions that could lead to insecure handling (auto-load env files, ask users to paste values into chat). Multiple environment variables are requested across scripts (and some scripts call get_cos_presigned_url using secrets), so the scope of secrets is broad and must be treated carefully.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. Nothing in the metadata indicates it modifies other skills or system-wide agent settings. That said, its runtime behavior (reading environment files, suggesting edits to ~/.profile or /etc/environment) means users may be prompted to persist credentials on the host — a user action, not an automatic privilege requested by the skill.
Scan Findings in Context
[no_findings] unexpected: Static pre-scan reported no injection signals, but that does not mitigate the clear metadata vs runtime inconsistencies and the secret-handling guidance in SKILL.md.
What to consider before installing
Key points before installing or using this skill:
- This skill's scripts require your Tencent Cloud SecretId and SecretKey (and often COS bucket/region). The registry metadata currently does NOT declare these required env vars — treat that as a red flag and require the publisher to correct it.
- Do NOT paste your SecretId/SecretKey into a chat/conversation. SKILL.md suggests the agent can help configure if you send values in the conversation — that would expose secrets to the agent and any logs. Use a secure secret injection mechanism instead (platform secret store, environment variables injected by an admin, or an IAM role with minimal privileges).
- Inspect mps_load_env.py and any code that auto-loads environment files before running: the scripts reference loading env from /etc/environment, ~/.profile, etc. Verify what files are read and whether any code writes to or parses arbitrary system files.
- Limit credentials: if you must provide keys, create least-privilege credentials scoped to MPS/COS actions only and avoid using owner/administrator keys. Prefer short-lived credentials or COS pre-signed URLs where possible.
- Be aware of billing: many operations call Tencent MPS and will incur costs. The SKILL.md reminds about costs — confirm expected costs and test with dry-run (--dry-run) first.
- Verify link and TaskId handling: SKILL.md requires Markdown links and explicit TaskId output. Make sure any automation that parses script stdout cannot be coerced to exfiltrate secrets via those outputs.
- If you are not comfortable supplying cloud credentials or allowing the skill to read environment files, do not install or run it. Consider running the scripts locally in an isolated environment (container or VM) after manually reviewing the code.
If you want, I can: (1) highlight the exact places in the code that read environment files or prompt for secrets, (2) summarize which scripts require which env vars, or (3) suggest minimal IAM policies to limit the provided credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97bee7tsazvsqj8b45w907r6584d8va
License
MIT-0
Free to use, modify, and redistribute. No attribution required.