SKILL.md — 腾讯微云管理 Skills 定义

Name: weiyun-skills
Author: wscats

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

This skill is vulnerable to prompt

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

SKILL.md — 腾讯微云管理 Skills 定义: > **使用方法**：本文档定义了所有可用的腾讯微云管理 Skills。AI Agent 或开发者可根据此文档调用 Python 脚本完成云存储操作。 > > **认证方式**（二选一）： > ```bash > # Method 1: QR code login (recommended) > python weiyun_skills/login.py --method qrcode > > # Method 2: Copy cookies from browser > python weiyun_skills/login.py --method cookies --cookies "uin=o012345678; skey=@abcdef1234; ..." > ``` > > **调用方式**： > ```bash > # CLI > python weiyun_skills/main.py <command> [args] [options] > > # Python SDK > from weiyun_skills.client import WeiyunClient > client = WeiyunClient() > client.<skill_name>(**params) > ``` > > **统一返回格式**： > ```json > { "success": true, "data": { ... }, "message": "ok" } > ```

Actually does

This skill executes Python scripts (`weiyun_skills/login.py`, `weiyun_skills/main.py`) to interact with Tencent Weiyun cloud storage. It performs authentication via QR code scanning or user-provided cookies, storing session data in `cookies.json`. The skill manages files (list, upload, download, delete, move, copy, rename, create folder, search), shares (create, cancel, list), and space (info, recycle bin) by contacting Weiyun's services.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction4 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namewscats/weiyun-skills

Registryclawhub

Version1.0.0

PURLpkg:clawhub/wscats/weiyun-skills@1.0.0

Stars3

Downloads11,329

Source

Repository ↗

SHA-2567d5a86514ed2...

SHA-1149dde9230ff...

MD5a5b7845457a4...

TLSHcfa28520dc86...

ssdeep384:iXJZTiiL...

Size22,976 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/wscats/weiyun-skills

11,329 downloads

ClawHubDocs

openclaw skills install wscats/weiyun-skills

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 1.00)

100% confidence

Command line exposure of authentication cookiescriticalcredential theft

The skill's CLI examples demonstrate passing sensitive authentication cookies directly as a command-line argument. This exposes credentials in plain text in process lists, shell history, and potentially logs, making them vulnerable to theft.

100% confidenceline 25

python weiyun_skills/login.py --method cookies --cookies "uin=o012345678; skey=@abcdef1234; ..."

Arbitrary local file read/write via skill parametershighdata exfiltration

The `upload_file` and `download_file` skills allow specifying arbitrary `local_path` values. This capability could be abused to exfiltrate sensitive files from the agent's host or to write malicious files to critical system locations.

100% confidenceline 168

upload_file: `local_path` | `string` | ✅ | - | 本地文件路径 (line 168)
download_file: `local_path` | `string` | ✅ | - | 本地保存路径 (line 197)

Permanent data deletion capabilitymediumimpact

The `delete_file` skill allows permanent deletion of files by setting `permanent=True`, and `clear_recycle_bin` permanently deletes all items. While `clear_recycle_bin` requires a `confirm=True` flag, an agent could be prompted to provide it, leading to irreversible data loss.

90% confidenceline 226

delete_file: `permanent` | `boolean` | ❌ | `false` | 是否永久删除（跳过回收站） (line 226)
clear_recycle_bin: `confirm` | `boolean` | ✅ | - | 必须为 `true` 才执行 (line 504)

Potential path traversal/injection in file operationsmediumcommand execution

Multiple file management skills accept `remote_path` and `local_path` as string inputs. Without explicit sanitization or validation, these parameters could be vulnerable to path traversal attacks (e.g., `../../`) or command injection if the underlying Python implementation directly concatenates them into shell commands.

80% confidenceline 139

`remote_path` in `list_files` (line 139), `upload_file`, `download_file`, `delete_file`, `move_file`, `copy_file`, `rename_file`, `create_folder`, `create_share`.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/wscats/weiyun-skills.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/wscats/weiyun-skills)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/wscats/weiyun-skills"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/wscats/weiyun-skills.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/wscats/weiyun-skills.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow