TencentCloud OPS

Things to check before installing or running this skill: - Expectation mismatch: SKILL.md and src/tencent_ops.py require TENCENT_SECRET_ID and TENCENT_SECRET_KEY, but the registry metadata did not declare any required credentials. Treat that omission as a red flag—the skill will need API keys to function. - Use least privilege and isolation: create a dedicated sub-user in a test/isolated Tencent Cloud account and grant only the minimal actions for the specific resources you want to manage. Avoid applying the provided example policies with action lists and resource "*" in a production account. - Verify missing files: SKILL.md references config/.env.example and src/verify_config.py, but those files are not present in the provided manifest. Confirm the repository includes those files and inspect them before running any verification scripts. - Audit the code: although the included src/tencent_ops.py appears to use official Tencent SDKs and reads env vars directly (no obvious obfuscation or external exfil endpoints in the truncated file), review the full source (including truncated sections) to ensure there are no hidden network callbacks, logging of secrets, or unexpected endpoints. - Do not use root/main account keys: follow the skill's own advice to use a sub-user and do not store long-lived keys in public repos. Add config/.env to .gitignore and rotate keys regularly. - Confirm policy action syntax: some policy action strings in the SKILL.md (e.g., "name/cos:*") look unusual — verify they match Tencent CAM action names before applying. If you are not comfortable auditing the code yourself, run this tool only in a controlled, non-production account and with keys that have tightly scoped permissions.