ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Architecture Inventory & Risk Assessment

v1.4.0

Inventory your cloud architectures and assess risks. Query architecture blueprints, evaluate Well-Architected scores, and identify governance gaps.

0· 56·0 current·0 all-time
by@stinggit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (cloud architecture inventory + risk assessment) align with the code and API calls: scripts call Tencent Cloud Advisor APIs, require python3 and Tencent AK/SK, and include role creation and STS flows needed to produce console login links and call advisor endpoints.
!
Instruction Scope
SKILL.md and check_env.py instruct the agent/user to permanently write TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY into shell startup files (e.g., ~/.bashrc) — this is a higher‑persistence, higher‑risk instruction that contradicts other claims. The skill also performs remote version checks (calling a clawhub CLI via subprocess) and will save role ARN to ~/.tencent-cloudq/config.json. Those behaviors broaden scope beyond simple read-only queries and should be explicitly expected by the user.
Install Mechanism
No install spec is provided (instruction-only install). That minimizes automatic disk writes by an installer. The package does include many scripts that will be written to disk when the skill is installed; inspecting those scripts is required before running them. No arbitrary remote downloads/archives are declared.
!
Credentials
The skill requests only Tencent Cloud AK/SK which is appropriate for the advisor APIs, but it also declares IAM operations that include role creation/attachment/deletion and sts:AssumeRole. The SKILL.md/README give mixed descriptions of attached policies (claims 'read-only' in places but elsewhere lists full-access policies and tag full-access), which is an inconsistency worth confirming before granting permission to create roles or attach policies.
!
Persistence & Privilege
always:false (good), but scripts will save configuration to ~/.tencent-cloudq/config.json (role ARN, etc.). More importantly, SKILL.md explicitly instructs users to permanently add AK/SK exports to shell RC files — unnecessarily persistent and increases risk if the keys are long‑lived. The README claims keys are not written to files, which contradicts the SKILL.md instructions.
What to consider before installing
Key points to consider before installing or running this skill: - The skill legitimately needs Tencent Cloud AK/SK to call the Advisor APIs, but do NOT paste your long‑lived SecretKey into shell startup files unless you understand and accept the risk. Prefer using short‑lived STS credentials or a dedicated minimal‑scope API key. - The skill includes scripts that can create and delete CAM roles and attach policies. The SKILL.md says role creation requires explicit consent — before consenting, open and review scripts/create_role.py and scripts/setup_role.py to confirm exactly which policies/trust relationships will be created. - There are contradictory statements about policy scope (some text says 'read‑only', other sections list 'FullAccess' policies and QcloudTAGFullAccess). Confirm which exact managed policies will be attached; avoid granting more than necessary. - The repository includes extra tooling (publish/start_publish.sh, PUBLISH_GUIDE.md, batch publish helpers) unrelated to inventory/risk assessment. These scripts may reference publishing tokens (CLAWHUB_TOKEN) or automate mass publishing; treat those as separate tools and do not run them unless you intend to use them and have audited them. - Version check calls out to a clawhub CLI (subprocess). If you run check_env.py, it may attempt to call local 'clawhub' to inspect the registry; this is benign if clawhub is trusted, but you can run check_env.py with --skip-update to avoid remote/CLI interactions. - If you plan to proceed: (1) audit create_role.py and tcloud_api.py to verify no unexpected network endpoints; (2) prefer to set credentials in a temporary session (export in shell only in a session) or use STS temporary credentials (TENCENTCLOUD_TOKEN) rather than writing permanent exports to ~/.bashrc; (3) run check_env.py with --quiet/--skip-update in an isolated environment first; (4) after testing, delete any created role and rotate or revoke any keys you provided. What would change this assessment: seeing that create_role.py only creates a narrowly scoped, read‑only role (and documentation/policy names are corrected), and explicit removal of instructions to persist long‑lived AK/SK in shell RC files would raise confidence to 'benign'. Conversely, discovery that any script uploads secrets to non‑Tencent endpoints, hardcodes external upload URLs, or silently exfiltrates data would make this clearly malicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk974pqgrgbwqxmvg7vgzd6047h83gpph

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
Binspython3
EnvTENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY

Comments