Skill v1.0.0

ClawScan security

Volcengine Security Kms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:46 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill claims to perform Volcengine KMS key lifecycle operations but provides no authentication, configuration, or actionable API/invoke instructions — the capability and its requirements are not coherent.
Guidance
This skill claims to manage Volcengine KMS but is missing essential operational details (authentication and concrete API/CLI steps). Before installing or using it:

- Treat it as advisory documentation rather than an actionable integration until the author documents auth and invocation details.
- Ask the publisher to declare required credentials (e.g., VOLCENGINE_ACCESS_KEY_ID, VOLCENGINE_SECRET_ACCESS_KEY, REGION/ENDPOINT) and the minimum IAM permissions needed for each operation.
- Do not expose high-privilege or long-lived keys to the agent; prefer least-privilege scoped credentials or ephemeral roles.
- If you intend to let the agent perform real KMS operations, test in a non-production account with narrowly scoped permissions and audit logs enabled.
- If the skill will run autonomously with access to credentials, require explicit confirmation and review of the credential scope first.

If the author clarifies that the skill is purely a checklist/documentation (no runtime API calls), it would be lower risk; if it is intended to perform real KMS operations, the current lack of declared credentials/config is a red flag and should be corrected.

Review Dimensions

Purpose & Capability
Concern: The skill's name and description state it manages Volcengine KMS (create/rotate/encrypt/decrypt/etc.), but the package declares no required environment variables, no credentials, and no config paths. Real KMS operations require cloud credentials (API key/secret, role, or SDK config) and often a region/endpoint; their absence is a mismatch between stated purpose and declared requirements.
Instruction Scope
Note: SKILL.md contains high-level steps (confirm key purpose, create/select key, run encrypt/decrypt/sign, return metadata) and sensible safety rules, but it is purely advisory and lacks concrete runtime instructions: no API endpoints, no authentication flow, no SDK/CLI commands. That vagueness could lead an agent to attempt to use whatever credentials are available in the environment without explicit guidance.
Install Mechanism
OK: This is an instruction-only skill with no install spec and no code files. That keeps the on-disk footprint minimal and is consistent with a documentation-style skill.
Credentials
Concern: No environment variables or primary credential are declared even though interacting with Volcengine KMS would normally require credentials (access key, secret, possibly region/endpoint). This omission is disproportionate and ambiguous: either the skill is only documentation (then it should say so), or it expects the agent to use existing credentials — which should be explicitly declared and scoped.
Persistence & Privilege
OK: The skill does not request always:true and is user-invocable; it does not demand elevated persistence. Autonomous invocation is allowed (platform default) but is not combined here with broad declared credentials.