Trust Assessment
tencentcloud-cos-skill received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 5 critical, 5 high, 2 medium, and 0 low severity. Key findings include: Arbitrary command execution; Dangerous call: subprocess.Popen(); Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencent-cos-skill/scripts/cos_wrapper.py:109 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencent-cos-skill/test_skill.py:62 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencent-cos-skill/test_skill.py:73 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shawnminh/tencent-cos-skill/test_skill.py:253 |
| CRITICAL | Credentials Written to Unsecured Temporary File | The `_call_mcp_tool` method in `scripts/cos_wrapper.py` creates a temporary JSON file containing `SecretId` and `SecretKey` (Tencent COS credentials). This file is created with `delete=False`, meaning it is not automatically removed after use. This leaves sensitive credentials exposed on the filesystem, making them vulnerable to unauthorized access and credential harvesting. | Ensure temporary files containing sensitive information are securely handled. If a temporary file is necessary, it should be created with appropriate permissions and explicitly deleted immediately after use. For `tempfile.NamedTemporaryFile`, set `delete=True` (the default) or ensure `f.close()` is called and `os.remove(f.name)` is executed in a `finally` block if `delete=False` is strictly required for some reason (which is unlikely for credentials). | LLM | scripts/cos_wrapper.py:140 |
| HIGH | Dangerous call: subprocess.Popen() | Call to 'subprocess.Popen()' detected in function 'start_mcp_server'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencent-cos-skill/scripts/cos_wrapper.py:109 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'check_dependencies'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencent-cos-skill/test_skill.py:62 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'check_dependencies'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencent-cos-skill/test_skill.py:73 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'run_example'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/shawnminh/tencent-cos-skill/test_skill.py:253 |
| HIGH | Unpinned Dependency in Installation Script | The installation instructions in SKILL.md and the `install.sh` script use `npm install -g cos-mcp@latest`. This installs the latest version of the `cos-mcp` package without pinning a specific version. This practice introduces a supply chain risk, as a malicious update to `cos-mcp` could automatically be installed, compromising the system. | Pin the dependency to a specific, known-good version (e.g., `npm install -g cos-mcp@1.2.3`) to prevent automatic installation of potentially malicious or breaking updates. Regularly review and update the pinned version. | LLM | SKILL.md:48 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/shawnminh/tencent-cos-skill/install.sh:153 |
| MEDIUM | Unsanitized Input in Subprocess Arguments | The `_build_mcp_command` method in `scripts/cos_wrapper.py` constructs command-line arguments for `npx cos-mcp` by directly interpolating configuration values (e.g., `Region`, `Bucket`, `SecretId`, `SecretKey`, `DatasetName`) using f-strings. While `subprocess.Popen` with a list of arguments prevents direct shell injection, if any of these configuration values (especially those that might be user-controlled or derived from user input, like `DatasetName` or `Bucket`) contain malicious characters or specially crafted strings, they could potentially be misinterpreted by the `cos-mcp` tool's argument parser, leading to unexpected behavior or command injection within the `cos-mcp` application itself. | Sanitize all configuration values before interpolating them into command-line arguments. Implement robust input validation and escaping mechanisms to ensure that no malicious characters can be passed to the external `cos-mcp` tool. Consider using a dedicated argument parsing library within `cos-mcp` that handles escaping automatically, or pass sensitive data via environment variables or secure configuration files instead of command-line arguments where possible. | LLM | scripts/cos_wrapper.py:68 |