Trust Assessment
tencent-cos received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 6 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.Popen(), Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencentcloud-cos-skills/scripts/cos_wrapper.py:109 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencentcloud-cos-skills/test_skill.py:62 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencentcloud-cos-skills/test_skill.py:73 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencentcloud-cos-skills/test_skill.py:253 |
| HIGH | Dangerous call: subprocess.Popen(). Call to 'subprocess.Popen()' detected in function 'start_mcp_server'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencentcloud-cos-skills/scripts/cos_wrapper.py:109 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'check_dependencies'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencentcloud-cos-skills/test_skill.py:62 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'check_dependencies'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencentcloud-cos-skills/test_skill.py:73 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'run_example'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencentcloud-cos-skills/test_skill.py:253 |
| HIGH | Unpinned Dependency in Installation Script. The installation script `install.sh` and the `SKILL.md` documentation instruct users to install the `cos-mcp` package using `npm install -g cos-mcp@latest`. Relying on `@latest` for a global dependency introduces a supply chain risk. If a malicious update to `cos-mcp` is published, it could be automatically installed, potentially compromising the system or exfiltrating credentials. It is best practice to pin dependencies to a specific version or a version range to ensure reproducibility and security. Pin the `cos-mcp` dependency to a specific major or minor version (e.g., `cos-mcp@^1.2.3` or `cos-mcp@1.2.3`) instead of `@latest`. Regularly review and update the pinned version to incorporate security fixes. | LLM | install.sh:89 |
| HIGH | Unpinned Dependency in Skill Documentation. The `SKILL.md` documentation, which guides users on installing the skill, specifies `npm install -g cos-mcp@latest`. This practice of using `@latest` for a critical dependency creates a supply chain vulnerability. An attacker could introduce malicious code into a new 'latest' version of `cos-mcp`, which would then be automatically installed by users following the documentation, leading to potential system compromise or data exfiltration. Update the `SKILL.md` to instruct users to install `cos-mcp` with a specific version or a version range (e.g., `npm install -g cos-mcp@^1.2.3` or `npm install -g cos-mcp@1.2.3`). This ensures that installations are deterministic and less susceptible to unexpected or malicious changes in future package versions. | LLM | SKILL.md:49 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/shawnminh/tencentcloud-cos-skills/install.sh:153 |