byted-bp-cdn-pagesdeploy
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: byted-bp-cdn-pagesdeploy Version: 1.0.1 The skill bundle provides deployment functionality for BytePlus Edge Pages but contains shell injection vulnerabilities in `scripts/deploy.sh` due to the use of `eval` on the `--build-cmd` parameter and constructed update arguments (including the `--desc` field). While the script's logic aligns with its stated purpose of site deployment and credential management, the lack of input sanitization and the use of environment-specific hardcoded paths (e.g., `/opt/tiger/mira_nas/`) present a high risk for exploitation by a malicious actor or through prompt injection against the AI agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidentally crafted deployment request could execute unwanted commands on the user's machine under the user's account.
DESC and REGION are parsed from command-line options, concatenated into a shell string, and executed with eval. A crafted description or region value containing shell metacharacters could run local commands during an update.
[[ -n "$DESC" ]] && update_args="$update_args --description '$DESC'" [[ -n "$REGION" ]] && update_args="$update_args --region $REGION" ... eval "$NEST pages update -p $pages_id $update_args" || true
Remove eval, pass arguments using Bash arrays with proper quoting, validate region against allowed values, and only run explicit build commands after clear user approval.
The skill may install and run external CLI code that can change over time.
The script fetches an unpinned npm package at runtime. This is central to the stated deployment purpose, but it means first run depends on the current npm package contents and registry trust.
npm install @byteplus/nest --prefix "$install_dir" 2>/dev/null
Install the official BytePlus CLI from a trusted source, prefer a pinned version, and review package provenance before use.
Anyone or any process using the configured CLI may be able to act on the linked BytePlus / VolcEngine account within the key's permissions.
The skill requires provider credentials and stores them in the provider CLI configuration. This is expected for deploying to BytePlus / VolcEngine, but it grants account authority to create, update, and manage Pages resources.
Requires BytePlus / VolcEngine Access Key and Secret Key ... nest config set -g cloud.access_key YOUR_AK && nest config set -g cloud.secret_key YOUR_SK
Use a dedicated, least-privilege access key for Pages deployment and rotate or remove it when no longer needed.
Using the wrong project ID could take a public site offline or delete a Pages project.
The management script can take a Pages project offline or delete it. These actions are purpose-aligned and scoped by project ID, and delete asks for confirmation, but they are high-impact cloud mutations.
$NEST pages offline --pages "$PAGES" ... read -p "Are you sure you want to delete $PAGES? [y/N] " confirm [[ "$confirm" =~ ^[yY] ]] && $NEST pages delete --pages "$PAGES" || echo "Cancelled"
Review the project ID before running offline or delete commands, and do not let the agent perform destructive operations without explicit confirmation.