Back to skill
Skillv1.1.5
VirusTotal security
Tencent Cloud COS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:31 AM
- Hash
- 192db82765fb516985c72c8b3af4609696657e244b7e30a55b71dc30134fd134
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: tencentcloud-cos Version: 1.1.5 The skill bundle is a well-structured and professional integration for Tencent Cloud COS and CI services. It demonstrates strong security awareness by implementing local credential encryption (AES-256-GCM in scripts/cos_node.mjs), recommending STS temporary tokens, and explicitly forbidding destructive actions like bucket deletion. The setup script (scripts/setup.sh) follows best practices by setting restrictive file permissions (600) and automatically updating .gitignore to prevent secret leakage. All network requests are hardcoded to legitimate Tencent Cloud domains (*.myqcloud.com), and no evidence of data exfiltration or malicious intent was found.
- External report
- View on VirusTotal