Back to skill
Skillv0.1.0
ClawScan security
tke skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 12, 2026, 12:35 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to implement legitimate TKE management actions, but its metadata omits the Tencent Cloud credentials the code and SKILL.md actually require, and the agent-level ability to write files/execute bash means secrets or kubeconfigs could be persisted if mishandled.
- Guidance
- This skill implements legitimate Tencent Cloud TKE operations, but the package metadata failed to declare that it requires Tencent Cloud credentials (TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY). Before installing: 1) Confirm you are comfortable providing Tencent Cloud credentials — prefer short‑lived or least-privilege keys. 2) Ensure the agent's skill sandbox will not leak env vars or copy secrets into logs/shared outputs. 3) Manually inspect the full tke_cli.py (the file is mostly visible; verify the truncated tail contains no unexpected network calls or exec). 4) Install the dependency (pip install tencentcloud-sdk-python-tke) in a controlled environment. 5) If you want the agent to run this skill, consider only passing credentials via CLI args for single-use, or use temporary credentials and avoid storing long-lived secrets in the agent environment. The metadata author should be asked to update the skill to declare required env vars and document credential handling.
Review Dimensions
- Purpose & Capability
- noteName/description match the code and SKILL.md: the included tke_cli.py and instructions implement TKE cluster listing, status, endpoint and kubeconfig operations. However the registry metadata claims no required env vars/credentials while both SKILL.md and the CLI require TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY (or --secret-id / --secret-key). That mismatch is an inconsistency that should be fixed.
- Instruction Scope
- okSKILL.md confines runtime instructions to running the included tke_cli.py via Bash to call Tencent Cloud TKE APIs. It documents which commands are read-only and which (create-endpoint/delete-endpoint) are write operations. There are no instructions to read unrelated host files or call external endpoints beyond Tencent Cloud APIs.
- Install Mechanism
- noteNo install spec (instruction-only) which reduces installer risk, but README and SKILL.md require the third‑party Python dependency tencentcloud-sdk-python-tke (pip). The package requirement is expected for this purpose, but the skill does not auto-install it — operators must run pip themselves. No downloads or unknown URLs are embedded in the skill files.
- Credentials
- concernThe code and SKILL.md expect Tencent Cloud credentials (TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY or CLI args), which is appropriate for TKE management. But the registry metadata incorrectly lists no required env vars or primary credential. Also the skill's allowed-tools include Write and Bash: writing kubeconfig or other output to disk is reasonable for this tool, but it means secrets or long-lived kubeconfigs could be persisted. The metadata omission makes it unclear to users and agent permission systems which secrets will be accessed.
- Persistence & Privilege
- okalways:false (not force-included) and autonomous invocation not disabled (default) — expected for a skill. The skill does not request system‑wide config paths or attempt to modify other skills. It may write kubeconfig/output when run, which is consistent with its purpose but should be treated carefully.