tencent-docs

Fail

Audited by Socket on Mar 11, 2026

1 alert found:

Obfuscated File: HIGH
SKILL.md

The Tencent Docs MCP skill appears to be a coherent, purpose-aligned integration that enables standard document and space management tasks via MCP APIs. The footprint (token-based auth, HTTPS API calls, environment-configured deployment) is proportionate to its stated purpose. However, there are security concerns around environment-stored tokens, potential exposure through logs, and the use of an OpenClaw setup script which could propagate credentials to external processes. The presence of broad capabilities (document creation/editing across multiple document types) should be matched with strict per-tool permissions and careful credential handling. Overall, the skill is SUSPICIOUS to MEDIUM risk without additional controls (token isolation, audit logging, explicit per-tool scopes, and verified supply chain for setup.sh).

Confidence: 98%

Audit Metadata

Analyzed At: Mar 11, 2026, 01:35 PM

Package URL: pkg:socket/skills-sh/zrong%2Fskills%2Ftencent-docs%2F@0b5e9a653653b89aeca3c096f3221f8aa156b050