cloud-upload-backup

Warn

Audited by Socket on Mar 21, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core capability matches the stated purpose of cloud backup, but the data path is not cleanly aligned with official direct-to-Tencent API usage: local files are routed through a localhost gateway and exposed via a separate short-link domain. With no remote installer this is not strong malware evidence, but the intermediary proxy and link indirection make the skill medium risk and warrant scrutiny before trusting it with sensitive files.

Confidence: 84%Severity: 62%
Audit Metadata
Analyzed At
Mar 21, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/stvlynn%2Fqclaw-skills%2Fcloud-upload-backup%2F@5a7184162fe64de1e706d6863140e3be17de69c7
Security Audit — socket — cloud-upload-backup