Volcengine
v1.0.0Navigate and deploy Volcengine cloud infrastructure, integrate AI models, and build intelligent agent workflows for scalable, automated applications.
⭐ 0· 169·1 current·1 all-time
bywow@duanc-chao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (deploy and integrate Volcengine services and build agent workflows) align with the SKILL.md content: it explains infrastructure, model APIs, OpenClaw integration, orchestration, and security. The skill is instruction-only and does not declare any unrelated requirements.
Instruction Scope
The instructions stay on-topic (IaC, Terraform, VKE/ECS, model API usage, OpenClaw skills, agent orchestration). One small inconsistency: the Python snippet demonstrates hardcoding Access Key/Secret Key via maas.set_ak()/set_sk() while earlier text explicitly advises using environment variables or secret stores; this is a documentation quality issue rather than malicious behavior. The doc references management port 18789 and best practices for restricting it, which is appropriate for the stated purpose.
Install Mechanism
No install spec and no code files beyond the instructional SKILL.md — lowest-risk format. Nothing is being downloaded or written to disk by the skill itself.
Credentials
The registry metadata declares no required environment variables or credentials. The instructions correctly indicate that Access Key/Secret Key are required to call Volcengine APIs; this is proportionate to the described functionality. Users should avoid hardcoding keys as the example shows and instead use secret management as recommended in the doc.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills/config. Autonomous invocation is allowed by platform default but is not combined here with other concerning factors.
Assessment
This skill is a documentation-style guide and appears consistent with its purpose, but before relying on it: (1) verify the content against Volcengine's official docs and SDKs because the skill source/homepage is unknown; (2) never paste real Access Key/Secret Key into chat or hardcode them—use environment variables or a secrets manager as the doc recommends; (3) confirm the API endpoints and domain names used in examples (typos or stale endpoints can exist in community documentation); (4) if you deploy OpenClaw or expose management ports (e.g., 18789), restrict access to trusted IPs and monitor access logs. If you need code or install artifacts, prefer assets from official repos/releases rather than community-provided binaries.Like a lobster shell, security has layers — review code before you run it.
latestvk979d3z8bswvphr2vsn4bh1pmd838zn3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.