Volcengine Ai Entry Ark

Security checks across malware telemetry and agentic risk

Overview

This is a small, purpose-aligned Volcengine ARK helper that shows users how to call the ARK API with their own key and does not add hidden execution or persistence.

Install this only if you intend to use Volcengine ARK. Use a scoped ARK API key, confirm the endpoint and region, avoid sending sensitive prompts unless your Volcengine data-handling requirements allow it, and redact Authorization headers from any logs or support material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 86%
Finding
The default prompt uses a generic routing phrase that can activate the skill in a wide range of loosely related ARK requests without clear guardrails. Broad activation increases the chance of unintended invocation, misrouting, or prompt-trigger abuse by users who can steer the agent into this workflow when a more specific or safer skill should handle the request.

VirusTotal

64/64 vendors flagged this skill as clean.
