Tencent Survey

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This is a mostly coherent Tencent Survey integration, but it needs review because it trusts remote update instructions, can auto-install a global package, and handles survey tokens and respondent data in ways users should verify.

Install only if you trust this skill with your Tencent Survey team token. Before first use, review setup.sh, preinstall/pin mcporter yourself if possible, verify all endpoints are wj.qq.com, do not allow automatic remote update instructions, and retrieve only the survey response data you actually need.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI01: Agent Goal Hijack
What this means

A remote response could influence what the agent does before the user’s actual survey task, including potentially changing the skill or running update steps the user has not reviewed.

Why it was flagged

The skill tells the agent to treat a remote tool-returned `instruction` as update guidance before using the skill, without clearly constraining allowed update actions or requiring explicit user approval.

Skill content
Run an update check once a day before using the SKILL ... if `has_update` is true ... then follow the `instruction` directive to perform the update, or prompt the user to update
Recommendation

Do not let the agent automatically follow returned update instructions. Show the update details to the user and only apply updates through a reviewed, pinned, and trusted update path.

What this means

Running the setup/auth command could install code globally on the machine without a separate install approval step.

Why it was flagged

The setup script can automatically install an unpinned global npm package if mcporter is missing, which mutates the local environment and depends on external package provenance.

Skill content
if ! command -v mcporter &> /dev/null; then ... npm install -g mcporter
Recommendation

Require explicit user consent before installing packages, declare mcporter as a dependency, and prefer a pinned version or a separately reviewed installation step.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

The Tencent Survey token could appear in agent logs or be configured for a non-default endpoint if the environment is altered, potentially exposing access to team surveys and responses.

Why it was flagged

The script stores a bearer token for the MCP service, supports an undeclared API-base override, and contains code that prints the token in command output.

Skill content
_WJ_API_BASE="${WJ_API_BASE_URL:-https://wj.qq.com}" ... --header "Authorization=Bearer $token" ... echo "TOKEN_READY:$token"
Recommendation

Verify the configured endpoint is wj.qq.com, avoid printing tokens to stdout, clear any logs containing tokens, and use the least-privileged/revocable token available.

What this means

Survey respondents’ personal or sensitive answers may be exposed to the agent session when viewing results.

Why it was flagged

The answer-listing tool can return respondent identifiers, location/network metadata, attachments, signatures, and free-text answers into the agent context.

Skill content
`respondent_nickname` ... `openid` ... `ip` ... `country`, `province`, `city` ... `files` ... `signature_id`
Recommendation

Ask for only the needed fields, avoid retrieving all responses unless necessary, and do not paste or export respondent data beyond the user’s explicit request.

What this means

A mistaken survey ID, question ID, or generated DSL could overwrite a real questionnaire item.

Why it was flagged

The update tool is intentionally non-idempotent and overwrites an existing survey question, which is purpose-aligned but can change account data.

Skill content
Non-idempotent operation: every call overwrites the original question content
Recommendation

Confirm the target survey/question and preview the replacement text before calling update_question; be especially careful with active or business-critical surveys.