Domain name for API request: csip.intl.tencentcloudapi.com.
Query the security detection result of Skill. After successfully calling CreateSkillScan, use the returned ContentHash + EngineVersion to poll this interface and obtain the result. For the first time, poll 5 minutes after successful upload. If detection is not completed, poll every 1 minute afterward. The response distinguishes four types of status via the Status field: detection complete (SUCCESS), in-progress detection (SCANNING), no record (NOT_FOUND), and detection failed (FAILED). Note: The detection result is retained for 90 days. It will return NOT_FOUND when overdue.
A maximum of 100 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeSkillScanResult. |
| Version | Yes | String | Common Params. The value used for this API: 2022-11-21. |
| Region | No | String | Common Params. This parameter is not required. |
| ContentHash | Yes | String | SHA256 Hash of the ZIP file Parameter format: sha256:<64-bit hex> |
| EngineVersion | Yes | Integer | Specify the engine version number Value for reference: API response of CreateSkillScan |
| ReportURLExpireHours | No | Integer | Report signature address validity Unit: hr Default value: 8760 (1 year). Supplementary explanation: The returned ReportURL takes effect. |
| Parameter Name | Type | Description |
|---|---|---|
| Status | String | Detection status Enumeration value: SUCCESS: Detection completed, results returned. SCANNING: Detection in progress NOT_FOUND: No detection record. FAILED: Detection failed |
| Data | SkillScanItem | Detection result details. When Status=SUCCESS, most fields have values. When Status=SCANNING, it contains only ContentHash and CreatedAt. When Status=FAILED, it contains only ContentHash, FailedAt, and Message. When Status=NOT_FOUND, it contains only ContentHash. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeSkillScanResult
<Common request parameters>
{
"ContentHash": "sha256:93329ab36e34abf927eb029bc27db54e0041d7905c1f80a222998d88d62dd4c5",
"EngineVersion": 20200
}
{
"Response": {
"Status": "SUCCESS",
"Data": {
"SkillName": "git-helper",
"SkillDescription": "A skill for batch executing Git repository initialization, configuration sync, and auxiliary operations."
"ContentHash": "sha256:93329ab36e34abf927eb029bc27db54e0041d7905c1f80a222998d88d62dd4c5",
"UploadFileCount": 37,
"RiskLevel": "malicious",
"PrimaryRuleID": "90002",
"Mitigation": "It is advisable to stop using this Skill immediately, clean up malicious persistence and outbound logic, rotate suspected leaked credentials, and resubmit for detection after repair completed."
"RiskDescription": "This Skill exhibits multiple high-risk behaviors including command injection, credential stealing, and data exfiltration, and is comprehensively assessed as malicious."
"SecurityScore": 0,
"EngineVersion": 20200,
"CapabilityTags": [
{
"ID": "file_read",
"Name": "File reading"
},
{
"ID": "file_write",
"Name": "File modification"
}
],
"RuleCatalog": [
{
"RuleID": "90001",
"RuleName": "supply chain risk"
},
{
"RuleID": "90002",
"RuleName": "Command execution risk"
},
{
"RuleID": "90003",
"RuleName": "Network Request and Data Exfiltration"
},
{
"RuleID": "90004",
"RuleName": "File operations and sensitive path access"
},
{
"RuleID": "90005",
"RuleName": "Prompt injection risk"
},
{
"RuleID": "90006",
"RuleName": "Remote script download and execute"
},
{
"RuleID": "90007",
"RuleName": "Suspicious code/obfuscation"
},
{
"RuleID": "90008",
"RuleName": "Other security risks"
}
],
"ScanItems": [
{
"ScanType": "AI",
"RuleList": [
{
"RuleID": "90002",
"Description": "In git_helper/run.py line 16, subprocess.run(f\"git {cmd}\", shell=True) call is detected, where user parameter is directly concatenated into shell command, leading to command injection"
},
{
"RuleID": "90003",
"Description": "In git_helper/init_config.py line 91, urllib.request.urlopen was found POSTing stolen credentials and system information to an external domain name"
}
]
},
{
"ScanType": "STATIC",
"RuleList": [
{
"RuleID": "90001",
"Description": "The Python package 'reqeusts' differs from the popular package 'requests' by only 2 characters (Levenshtein distance); requirements.txt uses >= but lacks == for exact lock"
}
]
}
],
"ReportURL": "https://skill-scan-1258344699.cos.ap-guangzhou.myqcloud.com/html-reports/2026/04/02/42_a1b2c3d4e5f6g7h8.html",
"ScannedAt": "2026-04-02T09:13:23+08:00"
},
"RequestId": "e4f8c3a2-9b7d-4e6f-a1c5-d8b2e7f3a9c4"
}
}
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeSkillScanResult
<Common request parameters>
{
"ContentHash": "sha256:93329ab36e34abf927eb029bc27db54e0041d7905c1f80a222998d88d62dd4c5",
"EngineVersion": 20200
}
{
"Response": {
"Status": "SCANNING",
"Data": {
"ContentHash": "sha256:93329ab36e34abf927eb029bc27db54e0041d7905c1f80a222998d88d62dd4c5",
"CreatedAt": "2026-04-02T09:08:00+08:00"
},
"RequestId": "f5a9d2b1-8c6e-4d3f-b7a2-e1c8f4d6a3b5"
}
}
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeSkillScanResult
<Common request parameters>
{
"ContentHash": "sha256:0000000000000000000000000000000000000000000000000000000000000000",
"EngineVersion": 20200
}
{
"Response": {
"Status": "NOT_FOUND",
"Data": {
"ContentHash": "sha256:0000000000000000000000000000000000000000000000000000000000000000"
},
"RequestId": "a1b2c3d4-5e6f-7a8b-9c0d-e1f2a3b4c5d6"
}
}
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeSkillScanResult
<Common request parameters>
{
"ContentHash": "sha256:93329ab36e34abf927eb029bc27db54e0041d7905c1f80a222998d88d62dd4c5",
"EngineVersion": 20200
}
{
"Response": {
"Status": "FAILED",
"Data": {
"ContentHash": "sha256:93329ab36e34abf927eb029bc27db54e0041d7905c1f80a222998d88d62dd4c5",
"FailedAt": "2026-04-02T09:13:00+08:00",
"Message": "Scan task execution failed, please resubmit"
},
"RequestId": "c7d8e9f0-1a2b-3c4d-5e6f-7a8b9c0d1e2f"
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
There is no error code related to the API business logic. For other error codes, please see Common Error Codes.
文档反馈