ClawHub
Back to skill
v1.0.0

Volcengine Ai Text Ark Chat

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

This is a simple Volcengine ARK chat template, but users should notice it uses an ARK API key and sends prompt text to Volcengine.

GuidanceBefore installing, make sure you are comfortable giving the agent access to a Volcengine ARK API key and sending task text to Volcengine. Prefer scoped credentials, keep keys in environment variables, and avoid using the skill for sensitive text unless your provider agreement permits it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
curl https://ark.cn-beijing.volces.com/api/v3/chat/completions \

The skill documents a raw HTTP call to the Volcengine ARK chat-completions API. This is central to the stated purpose, but it means the agent may invoke an external service to complete text tasks.

User impactYour agent may send task content to Volcengine ARK when using this skill.
RecommendationUse the skill only for content you are comfortable sending to Volcengine, and review requests when handling sensitive text.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Verify `ARK_API_KEY`, endpoint ID, and region.

The skill expects access to an ARK API key, while the registry metadata declares no required environment variables or primary credential. The key use is expected for Volcengine ARK, but users should notice the credential requirement.

User impactAn ARK API key can authorize usage of your Volcengine account and may incur provider usage costs.
RecommendationStore the key securely as an environment variable, use the least-privileged or scoped key available, and avoid pasting the key into chat content.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
"messages": [{"role":"user","content":"请总结这段文本"}]

The template places user-provided text into a request body sent to the external ARK API endpoint. This is disclosed and purpose-aligned, but it is still a provider data-flow users should recognize.

User impactPrompt text, documents, or summaries provided for processing may be transmitted to Volcengine ARK.
RecommendationDo not use this skill for confidential, regulated, or proprietary text unless your Volcengine data-handling terms allow it.