Volcengine TOS Smoke Test

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Volcengine TOS storage smoke-test guide, but users should run it only against non-sensitive test buckets and objects.

Install only if you intend to test Volcengine TOS access. Use a dedicated non-production bucket, non-sensitive test objects under a test prefix, and least-privilege temporary credentials. Verify any external CLI, Python package, or helper script before running it, and treat presigned URLs as temporary access links that should not be shared or logged.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to upload, download, presign, and delete objects in a real TOS bucket, but it does not clearly warn that these actions modify remote data and that presigned URLs temporarily expose access to objects. In a testing skill, these operations are expected, but without explicit safety guidance a user may run them against production buckets or share sensitive presigned links unintentionally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal