This skill is highly vulnerable to command injection and prompt injection
Claims to do
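Tencent Cloud COS skill: one-stop management of Tencent Cloud Object Storage (COS) and Data Vision (CI), providing the following capabilities through a unified Node.js SDK script: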
Actually does
This skill executes Node.js and bash scripts to interact with Tencent Cloud COS (Object Storage) and CI (Data Vision) services. It performs extensive operations including file uploads/downloads, bucket management, image/document/media processing, content moderation, speech recognition/synthesis, file utilities, and MetaInsight search capabilities. It manages Tencent Cloud API credentials via environment variables or encrypted local files, contacting Tencent Cloud APIs for all operations.
openclaw skills install shawnminh/tencent-cloud-cos
DeBERTa classifier detected prompt injection (confidence: 0.98)
The 'ci-request' action allows making arbitrary calls to the Tencent Cloud CI API by specifying method, path, and body. This provides a broad attack surface, enabling actions not explicitly defined or potentially bypassing intended restrictions.
ci-request --method POST --path "image/auditing" --body '<xml>...</xml>'
The skill executes shell scripts (`setup.sh`) and Node.js scripts (`cos_node.mjs`) with user-provided arguments (e.g., file paths, keys, content, bucket names). Without robust input sanitization in the underlying scripts, this presents a significant risk for command injection.
{baseDir}/scripts/setup.sh --check-only
node {baseDir}/scripts/cos_node.mjs <action> [--option value ...]
The skill offers a '--persist' option to write cloud credentials to a local '.env' file and an 'encrypt-env' action to encrypt them to '.env.enc'. While security measures like file permissions and encryption are mentioned, any disk persistence of credentials increases the attack surface.
setup.sh --from-env --persist
node scripts/cos_node.mjs encrypt-env
The 'create-knowledge-base' action automatically creates cloud resources (storage bucket, dataset). If an attacker can repeatedly trigger this action, it could lead to resource exhaustion or unexpected cloud billing charges.
create-knowledge-base --name <user-specified name> automatically completes three steps: create storage bucket → create DocSearch dataset → bind