Trusted — Risk Score 5/100
Last scan: 2 days ago
tx-cos
Tencent Cloud COS native operation skill for OpenClaw
tx-cos is a legitimate Tencent Cloud COS object storage skill using only the official cos-nodejs-sdk-v5 SDK for cloud operations, with no malicious behavior, exfiltration, or hidden functionality.
Skill Name: tx-cos
Duration: 38.7s
Engine: pi
Safe to install
No action needed. Consider adding an explicit allowed-tools declaration in SKILL.md for transparency.

Findings (2 items)

Severity  Finding                                     Location
Low       Missing allowed-tools resource declaration  SKILL.md:1
          SKILL.md lacks an explicit allowed-tools section mapping node/npm to resources (filesystem:READ for file uploads, environment:READ for credentials, network:READ for COS API calls). This is a documentation transparency gap, not a security violation.
          Evidence: metadata.openclaw.requires.bins only declares node/npm without resource-level mapping
          → Add an allowed-tools declaration: filesystem:READ (for local file reads during upload), environment:READ (for COS_SECRET_* vars), network:READ (for Tencent Cloud API calls)
Low       Credential access without exfiltration      scripts/lib.js:38
          Scripts read COS_SECRET_ID and COS_SECRET_KEY from environment variables but only pass them to the official Tencent Cloud SDK for authentication. Credentials are never logged, echoed, or transmitted outside the SDK's encrypted COS API calls.
          Evidence: SecretId: process.env.COS_SECRET_ID, SecretKey: process.env.COS_SECRET_KEY
          → No action needed — this is expected and necessary behavior for the skill's core function
Resource      Declared  Inferred  Status     Evidence
Filesystem    NONE      READ      ✓ Aligned  scripts/upload_file.js:16, scripts/upload_batch.js:11 — reads local files via fs…
Environment   NONE      READ      ✓ Aligned  scripts/lib.js:32 — accesses COS_SECRET_ID, COS_SECRET_KEY, COS_REGION, COS_BUCK…
Network       NONE      READ      ✓ Aligned  scripts/lib.js:38 — instantiates cos-nodejs-sdk-v5 for Tencent Cloud COS API cal…
Shell         NONE      NONE                 No child_process, exec, or shell invocation found across all scripts
Skill Invoke  NONE      NONE                 No skill self-invocation or cross-skill calls
Clipboard     NONE      NONE                 No clipboard access
Browser       NONE      NONE                 No browser automation
Database      NONE      NONE                 No database access

File Tree

11 files · 21.0 KB · 739 lines
JavaScript: 10 files · 566 lines; Markdown: 1 file · 173 lines
├─ 📁 scripts
│ ├─ 📜 check_config.js JavaScript 24L · 594 B
│ ├─ 📜 delete_folder.js JavaScript 53L · 1.7 KB
│ ├─ 📜 generate_signed_url.js JavaScript 32L · 774 B
│ ├─ 📜 get_folder_stats.js JavaScript 49L · 1.5 KB
│ ├─ 📜 lib.js JavaScript 101L · 2.3 KB
│ ├─ 📜 list_objects.js JavaScript 38L · 964 B
│ ├─ 📜 manage_objects.js JavaScript 85L · 2.8 KB
│ ├─ 📜 upload_batch.js JavaScript 86L · 2.3 KB
│ ├─ 📜 upload_file.js JavaScript 44L · 994 B
│ └─ 📜 upload_large_file.js JavaScript 54L · 1.5 KB
└─ 📝 SKILL.md Markdown 173L · 5.7 KB

Dependencies (1 item)

Package            Version  Source  Known Vulns  Notes
cos-nodejs-sdk-v5  *        npm     No           Official Tencent Cloud COS SDK; version not pinned but this is a standard SDK dependency

Security Positives

✓ All 10 scripts are pure Node.js with no shell, exec, or child_process calls
✓ Uses only the official cos-nodejs-sdk-v5 SDK — no curl/wget, no eval, no base64 decoding
✓ No credential exfiltration: environment variables used only for SDK auth
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env files)
✓ No remote code execution, reverse shells, or C2 indicators
✓ No hidden functionality in HTML comments or whitespace
✓ Output sanitization: SKILL.md explicitly requires no credential leakage in responses
✓ Deletion operations have confirmatory logic with user-facing safeguards
✓ No dependency installation at runtime (pip/npm install not present)