CloudQ

What to consider before installing/use: - The skill is coherent with a Tencent Cloud Smart Advisor helper and legitimately needs Tencent AK/SK, but do NOT paste your long-lived SecretId/SecretKey into shell startup files as the README suggests. Prefer temporary STS tokens, least-privilege keys, or create a dedicated low-permission user for this tool. - The code's version-check can call 'npx' as a fallback. That may download and execute third-party code at runtime; if you want to avoid that, run check_env.py with --skip-update or ensure 'requests' and/or a vetted clawhub CLI are present so npx fallback is not used. - The tcloud_api module falls back to disabling TLS verification when certifi is not installed (it creates an SSL context with verify disabled). This means API calls could be made without certificate validation if certifi is missing — which can expose AK/SK to network attackers. Before use, ensure certifi is installed in the Python environment (pip install certifi) or run in an environment with a correct system CA bundle. - Review the provided scripts (create_role.py, cleanup.py, login_url.py) yourself. The role creation flows will perform CAM CreateRole/AttachRolePolicy operations that require permissions; verify the exact policies (QcloudAdvisorFullAccess, QcloudTAGFullAccess) match your security posture. - If you proceed: run the scripts in an isolated account or with a dedicated, limited-permission service account; inspect network traffic if possible; use --skip-update during checks to avoid unexpected external downloads; and delete/rotate credentials when finished. If you have low confidence in the source (homepage unknown), consider obtaining an official published integration from a trusted vendor instead.