Skill v1.0.0

ClawScan security

Volcengine TOS Smoke Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 1:09 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The instructions describe legitimate smoke tests for Volcengine TOS, but the skill package omits the referenced scripts and does not declare required credentials (AK/SK), so the bundle is incoherent and needs clarification before use.
Guidance
This skill's instructions are plausible for testing Volcengine TOS, but the package is incomplete and metadata is inconsistent. Before installing or running:
1) Ask the publisher for the missing script(s) (tos_manage.py and any bundled helpers) or confirm the intended install location — the SKILL.md references files that are not included.
2) Confirm which environment variables are required (AK/SK, REGION, ENDPOINT) and how they should be provided; the skill should declare these in its metadata.
3) Only provide AK/SK to trusted code; if you must run these tests, prefer using an IAM key with minimal read/write scope and a throwaway test bucket.
4) If you cannot obtain the missing scripts from a trusted source, treat this as incomplete/untrusted and do not run arbitrary downloaded scripts.
Additional information that would change this assessment to benign: the skill bundle includes the referenced scripts, or the metadata explicitly declares the required env vars and a trustworthy install path for the test tooling.

Review Dimensions

Purpose & Capability
concern: The name/description match the instructions (TOS smoke tests). However the SKILL.md calls out a local script path (python skills/storage/tos/volcengine-storage-tos/scripts/tos_manage.py) that is not included in the package. The skill also fails to declare the obvious required credentials (AK/SK/Region/Endpoint) in its metadata. That mismatch (expects packaged test script + credentials, provides neither) is disproportionate.
Instruction Scope
concern: Instructions are explicit about running commands that list buckets, upload/download files, create temp files under /tmp, and using either tos_manage.py or the tosutil CLI. Those actions are consistent with a storage smoke test, but the instructions assume a local script path and environment variables or a .env file. They do not instruct any broad data collection or exfiltration, but they do assume secrets (AK/SK) are present without declaring them. The missing script files mean the agent would be told to execute commands that will fail or that rely on externally supplied code.
Install Mechanism
note: This is instruction-only (no install spec), which is low-risk. The README instructs installing a Python package 'tos' (pip install tos) and separately installing tosutil manually; those are reasonable but are not enforced by the skill metadata. Because the skill references a local script that isn't bundled, a user would need to obtain or install that script from elsewhere — this is a packaging/availability problem, not necessarily malicious, but it raises operational risk.
Credentials
concern: The skill metadata lists no required env vars or primary credential, yet the SKILL.md explicitly requires AK/SK (via environment variables or a .env file), plus Region/Endpoint and an existing bucket. Requesting cloud credentials would be proportional to the stated purpose, but they should be declared in requires.env and primaryEnv. The omission is an incoherence that could lead to unexpected behavior.
Persistence & Privilege
ok: The skill does not request persistent/always-on presence and uses the default model-invocation behavior. It does not ask to modify other skills or system-wide settings.