Trusted (risk score 5/100)
Last scan: 2 days ago
tx-cos
Native Tencent Cloud COS operations skill for OpenClaw
tx-cos is a legitimate Tencent Cloud COS object storage skill using only the official cos-nodejs-sdk-v5 SDK for cloud operations, with no malicious behavior, exfiltration, or hidden functionality.
Skill name: tx-cos
Analysis time: 38.7s
Engine: pi
Verdict: safe to install
No action needed. Consider adding an explicit allowed-tools declaration in SKILL.md for transparency.

Security findings (2)

Severity | Finding | Location
Low | Missing allowed-tools resource declaration | SKILL.md:1
  SKILL.md lacks an explicit allowed-tools section mapping node/npm to resources (filesystem:READ for file uploads, environment:READ for credentials, network:READ for COS API calls). This is a documentation transparency gap, not a security violation.
  Evidence: metadata.openclaw.requires.bins only declares node/npm without resource-level mapping
  → Add an allowed-tools declaration: filesystem:READ (for local file reads during upload), environment:READ (for COS_SECRET_* vars), network:READ (for Tencent Cloud API calls)
Low | Credential access without exfiltration | scripts/lib.js:38
  Scripts read COS_SECRET_ID and COS_SECRET_KEY from environment variables but only pass them to the official Tencent Cloud SDK for authentication. Credentials are never logged, echoed, or transmitted outside the SDK's encrypted COS API calls.
  Evidence: SecretId: process.env.COS_SECRET_ID, SecretKey: process.env.COS_SECRET_KEY
  → No action needed — this is expected and necessary behavior for the skill's core function
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | READ | ✓ Consistent | scripts/upload_file.js:16, scripts/upload_batch.js:11 — reads local files via fs…
Environment variables | NONE | READ | ✓ Consistent | scripts/lib.js:32 — accesses COS_SECRET_ID, COS_SECRET_KEY, COS_REGION, COS_BUCK…
Network access | NONE | READ | ✓ Consistent | scripts/lib.js:38 — instantiates cos-nodejs-sdk-v5 for Tencent Cloud COS API cal…
Command execution | NONE | NONE | | No child_process, exec, or shell invocation found across all scripts
Skill invocation | NONE | NONE | | No skill self-invocation or cross-skill calls
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No database access

Directory structure

11 files · 21.0 KB · 739 lines
JavaScript: 10 files · 566 lines; Markdown: 1 file · 173 lines
├─ 📁 scripts
│ ├─ 📜 check_config.js JavaScript 24L · 594 B
│ ├─ 📜 delete_folder.js JavaScript 53L · 1.7 KB
│ ├─ 📜 generate_signed_url.js JavaScript 32L · 774 B
│ ├─ 📜 get_folder_stats.js JavaScript 49L · 1.5 KB
│ ├─ 📜 lib.js JavaScript 101L · 2.3 KB
│ ├─ 📜 list_objects.js JavaScript 38L · 964 B
│ ├─ 📜 manage_objects.js JavaScript 85L · 2.8 KB
│ ├─ 📜 upload_batch.js JavaScript 86L · 2.3 KB
│ ├─ 📜 upload_file.js JavaScript 44L · 994 B
│ └─ 📜 upload_large_file.js JavaScript 54L · 1.5 KB
└─ 📝 SKILL.md Markdown 173L · 5.7 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
cos-nodejs-sdk-v5 | * | npm | | Official Tencent Cloud COS SDK; version not pinned but this is a standard SDK dependency

Security highlights

✓ All 10 scripts are pure Node.js with no shell, exec, or child_process calls
✓ Uses only the official cos-nodejs-sdk-v5 SDK — no curl/wget, no eval, no base64 decoding
✓ No credential exfiltration: environment variables used only for SDK auth
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env files)
✓ No remote code execution, reverse shells, or C2 indicators
✓ No hidden functionality in HTML comments or whitespace
✓ Output sanitization: SKILL.md explicitly requires no credential leakage in responses
✓ Deletion operations have confirmatory logic with user-facing safeguards
✓ No dependency installation at runtime (pip/npm install not present)