Volcengine Agent Identity
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent identity/credential-management skill, but it handles login tokens, hosted credentials, environment bindings, and tool approvals, so users should install it only if they trust the underlying plugin.
This skill appears purpose-aligned, but it is sensitive: it can help manage login sessions, TIP tokens, OAuth/API-key credentials, and env-var credential bindings. Before installing, verify the underlying agent-identity plugin is trusted, keep approval actions human-only, use minimal scopes, and review stored credentials and bindings regularly.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may help the agent access or manage credentials connected to the user's accounts.
The skill is explicitly intended to handle user login, workload tokens, OAuth credentials, and API keys. This is expected for the identity purpose, but it is high-impact account/credential authority.
UserPool OIDC login ... TIP token ... credential hosting (出站授权 OAuth2, API key)
Use only with a trusted agent-identity plugin, approve only necessary providers/scopes, and periodically review or revoke stored credentials.
A credential bound into an environment variable could be used by other tools that run under the agent.
The skill can add credentials and bind them into environment variables for tools. This is purpose-aligned, but users should notice because it can make credentials available to later tool calls.
`identity_fetch` ... `redirectUrl?`, `scopes?` | Add credential ... `identity_set_binding` ... Bind provider → env var for tool injection
Confirm the provider, scopes, redirect URL, and env var name before adding or binding credentials; prefer least-privilege credentials.
If approval controls were misconfigured outside this skill, risky shell/file actions could be approved too easily.
The artifacts document a tool that can approve high-risk actions, but also clearly state that approval must be user-initiated and the agent must not self-approve.
`identity_approve_tool` ... Approve a high-risk tool call ... agent must never call `identity_approve_tool`
Keep approval as a human-only action and verify the platform enforces that the agent cannot call the approval tool autonomously.
Commands or file paths submitted for risk analysis may be included in an LLM evaluation context.
Optional LLM risk checking may send command or path context to an LLM for classification. This is disclosed and purpose-aligned, but it is a provider data-flow users should understand.
LLM-based (optional): When rules return "medium", an LLM re-evaluates for context
Enable LLM-based risk checking only if acceptable for your privacy needs, and avoid including secrets in commands or file paths.
Users cannot verify the plugin implementation from this skill package alone.
The provided artifact contains only instructions and does not include the implementation of the underlying agent-identity plugin, so code/provenance review is limited.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the installed agent-identity plugin and configuration come from a trusted Volcengine/OpenClaw source before enabling credential management.