Volcengine Security Kms
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only Volcengine KMS helper, with the main caution that key creation and decrypt/sign operations require sensitive cloud permissions.
Before installing, confirm that any Volcengine credentials available to the agent are least-privilege and limited to the intended KMS keys and projects. Ask for explicit confirmation before key creation, policy changes, decryption, or signing operations.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a Volcengine account, the agent may be able to create keys, use keys for encryption/decryption/signing, or inspect policy bindings within the permissions it has.
The skill is explicitly meant to operate KMS keys and perform cryptographic operations, which is purpose-aligned but requires sensitive cloud permissions.
2. Create or select key and validate policy bindings. 3. Execute encrypt/decrypt/sign task. ... - Validate caller permissions before key operations.
Use least-privilege Volcengine IAM permissions, restrict access to intended keys/projects, and require clear user confirmation before creating keys or decrypting/signing sensitive data.