v1.1.5

Tencent Cloud COS

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

This appears to be a real Tencent Cloud COS/CI integration, but it needs powerful cloud credentials and can perform high-impact storage, bucket, and generic API operations, so it should be reviewed carefully before installation.

Guidance: Install only if you intend to let the agent manage Tencent Cloud COS/CI resources. Use STS or a tightly scoped sub-account key for the target bucket, avoid root or broad permanent keys, confirm destructive/admin actions before running them, be cautious with the generic `ci-request` action, and do not upload sensitive documents to the knowledge base unless you have reviewed retention and access controls.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
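Even if the user does not explicitly mention COS or Tencent Cloud, any request involving "upload a file to the cloud", "generate a download link", "help me build a knowledge base"... should also trigger this skill.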

The trigger wording covers generic cloud-storage and knowledge-base intents, not only explicit Tencent Cloud COS requests.

User impact: The agent may choose Tencent Cloud COS for a generic cloud upload or knowledge-base request even when the user did not name Tencent Cloud.
Recommendation: For generic requests, confirm with the user that Tencent Cloud COS is the intended destination before uploading files, creating resources, or generating links.
Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
- **File storage**: upload, download, list, delete files... - **Bucket management**: list/create buckets, ACL, CORS, tags, versioning, lifecycle management

The skill advertises destructive and administrative COS actions, including object deletion and bucket policy-style controls such as ACL and lifecycle management.

User impact: A mistaken or overly broad invocation could delete cloud objects, alter bucket exposure, or change retention/lifecycle behavior in the user's Tencent Cloud account.
Recommendation: Use a least-privilege sub-account limited to the intended bucket, and require explicit user confirmation for delete, ACL, lifecycle, versioning, CORS, or bucket-creation actions.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
references/api_reference.md
ci-request — generic CI API request ... --method ... --path ... --body ... --query ... Requests are automatically sent to `https://{Bucket}.ci.{Region}.myqcloud.com/{path}`.

The documented generic request action allows caller-controlled method, path, body, and query parameters against the CI API using the user's credentials.

User impact: This escape-hatch API can reach CI operations that are not individually modeled by the skill, increasing the chance of unintended jobs, mutations, or costs.
Recommendation: Avoid using `ci-request` unless the exact API call is understood; prefer specific wrapped actions and review the method, path, body, and cost/side effects before execution.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/setup.sh
(cd "$BASE_DIR" && npm install cos-nodejs-sdk-v5 --no-progress 2>&1 | tail -3)

The setup script installs the COS SDK from npm without pinning a package version.

User impact: Future installs could receive a different package version than the one originally reviewed.
Recommendation: Pin and review dependency versions where possible, and install from a trusted npm registry/source.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
"secrets": ["SecretId", "SecretKey"], "optionalSecrets": ["Token"] ... "sensitivity": "critical" ... "scope": "COS object storage and CI data processing APIs"

The skill explicitly requires Tencent Cloud API credentials, including critical long-lived key material or an optional STS token.

User impact: Anyone or anything using these credentials may be able to access or modify COS/CI resources allowed by the key policy.
Recommendation: Do not use root-account keys. Prefer STS temporary credentials or a Tencent Cloud sub-account restricted to the specific bucket, region, and CI actions needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
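Knowledge-base scenarios: create a knowledge base in one click, upload documents to the knowledge base, retrieve content snippets from the knowledge base.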

The skill can create a persistent knowledge base, upload documents into it, and retrieve content snippets later.

User impact: Private documents uploaded to the knowledge base may persist in Tencent Cloud and later influence retrieval results or agent answers.
Recommendation: Only upload documents intended for cloud indexing, avoid secrets or regulated data unless the account policy permits it, and define retention/deletion practices for knowledge-base content.