Back to skill
Skillv1.1.7
ClawScan security
Tencent MPS Intl. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 17, 2026, 4:04 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The package appears to implement Tencent Cloud MPS functionality and legitimately needs Tencent Cloud credentials, but the registry metadata omits those required env vars and the runtime instructions actively encourage retrieving/entering secrets (including asking the user to paste them into chat), which is an incoherent and risky design choice.
- Guidance
- This bundle appears to be real Tencent MPS client code, but you should be careful before installing or using it. Specific points to consider: - Do NOT paste your cloud credentials into chat. SKILL.md explicitly suggests the assistant can help configure credentials if you 'send the variable values directly in the conversation' — that is unsafe. Provide credentials only via secure environment variables on your system or a credential manager, never as chat text. - The registry metadata omits required env vars (TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY and optional COS settings). Treat that as a packaging oversight and verify required environment variables yourself before use. - Inspect mps_load_env.py (and any code paths that read /etc/profile, ~/.profile, /etc/environment) to see exactly what files it reads and whether it uploads or prints their contents. If you don't want the skill to search system files, do not run those helper functions or run the scripts in a sandboxed account. - Limit credential permissions: create a dedicated Tencent Cloud API key with the minimum MPS/COS permissions required and rotate/revoke it if you later suspect exposure. Prefer temporary or scoped credentials if supported. - Run the code locally in an isolated environment (container or VM) and review network activity if possible. The code uses official SDKs and accesses Tencent APIs/COS; verify there are no hidden third-party endpoints in the code (search for unexpected domains/IPs). If you want to proceed safely: set the required env vars only in your OS environment (not in chat), audit mps_load_env.py for aggressive file reads, and prefer a least-privilege key for testing. If you need, I can list the exact places the code reads env vars and the lines that encourage asking users for secrets so you can inspect them.
Review Dimensions
- Purpose & Capability
- noteThe code and SKILL.md implement a large, coherent Tencent MPS client (transcode/enhance/AIGC/subtitle/COS ops). Requesting Tencent Cloud credentials and COS configuration is consistent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential even though SKILL.md and many scripts (e.g., mps_load_env.py, mps_aigc_image.py, mps_cos_download.py) require TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY and optional COS variables — this mismatch between metadata and actual needs is an inconsistency.
- Instruction Scope
- concernSKILL.md and several scripts instruct the agent and user to ensure TENCENTCLOUD_SECRET_ID / SECRET_KEY are set and even include messaging that the AI can 'help you configure them' if the user 'send the variable values directly in the conversation'. Scripts attempt to auto-load credentials from system profile files (e.g., ~/.profile, /etc/environment) via mps_load_env and will prompt about loading them. Encouraging the user to paste cloud credentials into chat and automatic attempts to load system env files broaden the skill's scope into secret collection and system-file access, which is outside a minimal, safe usage pattern.
- Install Mechanism
- okNo install spec is provided (instruction-only), and the KD instructs pip installing tencentcloud-sdk-python and cos-python-sdk-v5 if needed. No remote downloads or archive extraction are present in the manifest. This carries normal, moderate developer friction but not the high risks associated with arbitrary URL downloads.
- Credentials
- concernThe scripts legitimately need Tencent Cloud credentials and (optionally) COS bucket/region values. That is proportionate to the MPS functionality. However: (1) the skill metadata does not declare these required env vars or a primaryEnv, (2) the skill's runtime instructions explicitly instruct the assistant to solicit secret values via conversation and to auto-load system environment files, and (3) scripts accept secrets via CLI flags or try to read system-wide profile files — together these create an elevated risk of secrets being exposed or captured in chat. The number and sensitivity of credentials requested are reasonable for the service but the way the skill directs the agent to obtain them is not properly constrained.
- Persistence & Privilege
- okalways is false and the skill does not request persistent platform privileges. The scripts read and write local files (downloads, outputs) and may create directories for downloads, which is expected for a CLI-style toolkit. There is no evidence the skill attempts to modify other skills or global agent settings.