volcengine-tos-vectors-skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Volcengine vector-storage skill, with ordinary but potentially risky delete and RAG examples users should handle carefully.

Use least-privilege Volcengine credentials, preferably scoped to a test or dedicated project. Review delete examples before running them, keep backups for important vector data, and avoid sending sensitive retrieved content to external LLM providers unless that data sharing is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings (Medium, 83% confidence)

Finding: The example includes bucket deletion without an explicit warning that the action is destructive and may permanently remove stored vector data once the bucket is emptied. In an agent workflow, users may copy or trigger this operation without understanding the data-loss consequences, increasing the risk of accidental deletion.

Missing User Warnings (Medium, 88% confidence)

Finding: The vector deletion example removes stored records by key but does not clearly warn that this deletes user-managed data from the index. Because this skill is specifically for vector database management, an agent may treat deletion as routine unless the documentation emphasizes confirmation and recovery limitations.

Missing User Warnings (Medium, 93% confidence)

Finding: The RAG example sends both the user's question and retrieved document content to an external LLM service via `llm_client.generate(prompt)` without any notice, consent, or guidance on data sensitivity. In a vector/RAG skill, retrieved context can contain proprietary, personal, or regulated data, so this pattern can cause unintended third-party disclosure even if the code is only instructional.

VirusTotal

64/64 vendors flagged this skill as clean.