Back to skill
Skillv1.0.0
ClawScan security
Tencent Cloud Image Hosting (Upload files to get online URLs) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 5, 2026, 2:13 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and SKILL.md match the described purpose (uploading files to Tencent COS) but the registry metadata omits the required credentials and there is no declared install step for the required npm dependency—these inconsistencies should be resolved before trusting it with secrets or production data.
- Guidance
- This skill appears to do what it claims (upload files to Tencent COS) but has two practical red flags: (1) the registry metadata does not declare the required Tencent credentials even though SKILL.md and the script require them, and (2) there is no install spec for the npm dependency 'cos-nodejs-sdk-v5'. Before installing or running: 1) Review the included script (you already have it) and confirm it only uploads the file you expect. 2) Do not provide your long-lived root credentials—create a Tencent Cloud key with minimal COS permissions scoped to the specific bucket and actions needed. 3) Install the COS SDK from the official npm registry (npmjs.com) or run in an isolated environment/container. 4) Avoid uploading sensitive files unless you control the target bucket and understand its access policy. 5) If you plan to rely on this as an automated skill, request that the publisher update the registry metadata to declare required env vars and add an explicit install section so you can audit dependency sources.
Review Dimensions
- Purpose & Capability
- concernThe skill's name/description and the included script align: it uploads a user-specified file to Tencent Cloud COS and generates direct and pre-signed URLs. However, the registry metadata lists no required environment variables or primary credential, while SKILL.md and the script require TENCENT_SECRET_ID, TENCENT_SECRET_KEY, TENCENT_COS_BUCKET, and TENCENT_COS_REGION. That metadata omission is an incoherence that could mislead users about needed secrets.
- Instruction Scope
- okSKILL.md and scripts/cos-upload.js restrict actions to reading the specified local file, using provided Tencent credentials, and calling the official COS SDK to upload and generate URLs. The instructions do not instruct the agent to read unrelated files or send data to unexpected third-party endpoints. The script does not contain obfuscated or hidden network endpoints.
- Install Mechanism
- noteThere is no install specification. The script requires the npm package 'cos-nodejs-sdk-v5' (require call present), but the skill does not declare or install that dependency. This is an operational mismatch (may fail at runtime) rather than an obvious malicious install mechanism, but you should ensure dependencies are installed from official registries before running.
- Credentials
- concernThe credentials requested by the SKILL.md/script (Tencent SecretId/SecretKey, bucket, region) are proportionate to uploading objects to COS. The concern is that the skill registry metadata does not declare these required environment variables or a primary credential; that inconsistency can cause users to overlook that they must provide sensitive secrets to the skill.
- Persistence & Privilege
- okThe skill is user-invocable, always:false, and does not request persistent or elevated platform privileges. The script does not modify other skill configs or system-wide settings.