Back to skill

Security audit

volc-vision

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Volcengine ARK image-analysis skill, but images and prompts are sent to an external API when used.

Install this only if you intend to use Volcengine ARK for cloud-based image understanding. Use a dedicated ARK_API_KEY, and do not submit private photos, IDs, screenshots, confidential documents, or regulated data unless you are comfortable with the image content and prompt being processed by that external provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill metadata declares required environment variables but does not explicitly declare corresponding permissions, creating a transparency gap between what the skill needs and what users or the platform may expect. This can lead to over-trust and unintended exposure of sensitive secrets such as ARK_API_KEY to the skill runtime without clear permission signaling.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation phrases are broad enough to match ordinary conversation like '看看这张图' or '描述一下', which can cause the skill to trigger in situations the user did not specifically intend. In this skill's context, unintended invocation is more dangerous because it may send local images, remote image URLs, or base64 content to an external vision API, causing privacy leakage or unnecessary external data transfer.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description does not warn that supplied images, image URLs, or derived content may be transmitted to the external ARK API for processing. Because this skill is specifically built for analyzing potentially sensitive user-provided images, omission of that disclosure materially increases privacy and data-handling risk and can defeat informed user consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill reads image data from a local file, URL, or base64 input and sends the full image content to a third-party remote API for processing, but the CLI provides no explicit disclosure or consent prompt before exfiltrating potentially sensitive images. In this skill's context, remote transmission is core functionality rather than malicious behavior, but the lack of notice can cause unintended disclosure of private screenshots, documents, or local files selected by the user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.