This skill is vulnerable to prompt injection, can exfiltr
Claims to do
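Cloud file upload and backup tool (Tencent Agent Storage): uploads local files to Tencent Agent Storage and automatically generates download links and image previews. Uploaded files are stored in the user's own cloud drive space and support cross-device access: whether on a phone, computer, or tablet, users can view and download their files anytime, anywhere.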
Actually does
This skill executes a Node.js script (`/tmp/smh-upload.js`) to interact with Tencent Agent Storage. It uploads local files, retrieves file metadata, and lists directory contents by calling the `smh-node-sdk` and contacting `https://api.tencentsmh.cn`. It accesses local files, reads configuration from `~/.openclaw/openclaw.json` and `.env` for `smh_` prefixed credentials, and generates direct download URLs for uploaded files.
openclaw skills install shawnminh/tencent-agent-storage
DeBERTa classifier detected prompt injection (confidence: 0.99)
The skill's `upload` command allows specifying any `localPath` on the system, which is then read and uploaded. While semantic guardrails are in place, a compromised agent could be instructed to exfiltrate sensitive files from the user's system.
node /tmp/smh-upload.js upload '{"localPath":"/path/to/file.pdf", ...}'
const absLocal = expandHome(localPath);
The skill explicitly requires a `space_admin` level `accessToken` for its operations. This grants broad permissions on the Tencent Agent Storage, increasing the blast radius if the token is compromised or misused by a subverted agent.
Tencent Agent Storage's file upload and download link generation APIs require a `space_admin`-level accessToken
The skill uses `child_process.execSync` to determine the global `npm` root path. Although the command executed is fixed and benign in this context, `execSync` is a powerful primitive that could be a vector for command injection if the executed string were user-controlled.
const globalPath = execSync('npm root -g 2>/dev/null').toString().trim();
The stated purpose mentions 'automatically generates download links and image previews', but the skill's actual commands and output only provide download links and do not include any functionality or output for image previews.
Stated purpose includes 'image previews'. Actual `upload` and `info` command outputs only contain `downloadUrl`, with no mention or generation of preview links.
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.