Back to skill

Security audit

volcengine-tos-vectors-skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TOS Vectors cloud database helper, but users should use scoped credentials and be careful with remote uploads, LLM prompts, and delete operations.

Install this only for users who intend to manage Volcengine TOS Vectors resources. Use least-privilege or test credentials, avoid indexing confidential raw content unless approved, confirm exact bucket/index/vector targets before deletion, and treat RAG examples as sending retrieved context to whichever LLM provider you configure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill uses environment-derived credentials and account identifiers in executable examples, but the skill metadata shown does not declare corresponding permissions or sensitive capability use. That mismatch can cause the agent platform or reviewer to underestimate the skill's access to secrets and external services, increasing the risk of unintended credential use or unauthorized data operations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README directs users to export long-lived access credentials in shell environment variables but provides no guidance on secure handling, rotation, least-privilege use, or avoiding exposure through shell history, process inspection, logs, or shared environments. In a credentialed cloud service workflow, this omission increases the chance of accidental secret leakage and misuse of the TOS account.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill advertises bucket and vector delete capabilities without any warning that these operations are destructive and may permanently remove data. In a storage-management skill, omission of confirmation, backup, or recovery guidance can lead users or agents to perform irreversible deletions during routine operations.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The description contains broad activation language such as 'use when working with embeddings, semantic search, RAG systems, recommendation engines,' which can match many ordinary AI tasks. Over-broad routing can cause this skill to activate in contexts where vector database access is unnecessary, exposing external data stores or credentials to more requests than intended.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation includes delete operations for buckets and vectors without an explicit warning, confirmation requirement, or guidance about irreversible data loss. In an agent setting, examples strongly influence behavior; presenting destructive calls as routine can lead to accidental deletion of production vector data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The RAG workflow forwards retrieved document content and the user's question to an external LLM via llm_client.generate(prompt) without any warning, consent flow, or data classification guidance. If indexed documents contain sensitive, proprietary, or regulated data, this can lead to unintended third-party disclosure during normal use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The indexing workflow uploads document-derived embeddings and metadata, including title and content_preview, to a remote vector service without clearly warning that local data is being transmitted and stored externally. In enterprise or privacy-sensitive environments, users may unknowingly upload confidential information, creating data exposure and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.