TencentCloud CVM

Security checks across malware telemetry and agentic risk

Overview

This skill appears to manage Tencent Cloud servers as advertised, but it asks for broad cloud permissions and can create, restart, stop, or delete infrastructure without built-in safeguards.

Install only if you are comfortable giving an agent control over Tencent Cloud infrastructure. Use a dedicated sub-user, replace the wildcard policy with the narrowest actions and resources possible, keep credentials out of source control, use a virtual environment for dependencies, and require manual review before any create, stop, restart, security-group, disk, or delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The documentation claims the setup follows minimal 'CVM only' permissions, but earlier instructions create a policy granting wildcard access to CVM, VPC, and CBS resources. This mismatch can lead operators to over-trust the permission scope and deploy credentials with broader infrastructure control than intended, increasing blast radius if the key is misused or leaked.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill advertises creating and deleting cloud servers as standard capabilities without an explicit warning that creation incurs real charges and deletion can permanently destroy workloads or data. In a cloud-management skill, omission of these safety warnings increases the risk of accidental destructive or billable operations by users who may treat examples as safe defaults.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The create-instance example directly provisions a CVM server but does not warn that executing the example will allocate billable cloud resources. Because this is operational documentation for real Tencent Cloud accounts, users may copy and run it without understanding the cost implications or verifying configuration, quotas, and cleanup steps.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The stop/start/restart examples perform live lifecycle operations without warning that they can interrupt services, disconnect users, and potentially affect data integrity for in-flight workloads. In infrastructure management documentation, missing availability warnings can contribute to accidental outages during routine use or testing.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The code exposes destructive instance termination through a single method call with no confirmation, dry-run mode, safeguard, or allowlist checks. In an agent or automation context, this increases the risk of accidental or unauthorized deletion of production infrastructure, causing service disruption and potential data loss.

VirusTotal

66/66 vendors flagged this skill as clean.