migraq
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use
BashorPowerShellto set up environment variables for the user. These commands (e.g., writingexportstatements to~/.zshrc) are transparently documented and required for the skill's legitimate functionality. - [DATA_EXFILTRATION]: The skill communicates with well-known Tencent Cloud API endpoints (
cmg.ai.tencentcloudapi.comandmsp.cloud.tencent.com) to facilitate migration queries and check for skill updates. These network operations are consistent with the stated purpose of the skill and the vendor's infrastructure. - [CREDENTIALS_UNSAFE]: The skill requires Tencent Cloud API credentials (
TENCENTCLOUD_SECRET_ID,TENCENTCLOUD_SECRET_KEY). It follows security best practices by recommending the use of minimum-privilege sub-accounts and managing secrets through environment variables rather than hardcoding them. - [SAFE]: The included scripts (
check_env.pyandmigrateq_sse_api.py) are implemented using standard Python libraries and follow legitimate authentication protocols (TC3-HMAC-SHA256) for Tencent Cloud services.
Audit Metadata