Skillv1.0.4

ClawScan security

Volcano Engine Serverless Flink Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 16, 2026, 4:24 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's content appears coherent for managing Volcano Engine Flink via the volc_flink CLI, but there are inconsistent metadata declarations (manifest vs SKILL.md) about required binaries/credentials that should be resolved before trusting it.
Guidance: Before installing or enabling this skill: 1) Confirm the registry metadata is reconciled with the SKILL.md (the skill requires the volc_flink CLI and access to ~/.volc_flink / $VOLC_FLINK_CONFIG_DIR and may use VOLCENGINE_* env vars). 2) Only install if you trust the source — there's no homepage or provenance provided. 3) Ensure you have volc_flink from an official release and that the CLI's config directory does not contain sensitive unrelated credentials you don't want the skill to read. 4) When using the skill, avoid pasting AK/SK into chat; prefer interactive login or an enterprise secret-management flow as the docs recommend. 5) If you need higher assurance, test the skill in an isolated environment or ask the owner to correct the manifest so required binaries/env vars are declared explicitly.

Review Dimensions

Purpose & Capability: concernSKILL.md and many child SKILL.md files clearly require and instruct use of the volc_flink CLI, local config (~/.volc_flink or $VOLC_FLINK_CONFIG_DIR), and (optionally) VOLCENGINE AK/SK/REGION — which is proportionate for a Flink management skill. However the registry metadata provided at the top of the evaluation states 'Required binaries: none' and 'Required env vars: none', creating an incoherence between what the skill claims (manifest) and what it actually needs (instructions). This mismatch reduces trust and should be corrected or explained.
Instruction Scope: okThe runtime instructions are scoped to Flink management via the volc_flink CLI: checking login state, listing projects, catalog/table inspection, generating CDC YAML, creating drafts, publishing jobs, and diagnosing logs/metrics. The docs explicitly prohibit asking users to paste plaintext AK/SK in chat and emphasize interactive login and redaction rules. I found no instructions that request unrelated system secrets or to exfiltrate arbitrary files or data.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill package itself. That is the lowest-risk install model.
Credentials: noteThe skill sensibly references local config paths (~/.volc_flink, $VOLC_FLINK_CONFIG_DIR) and optional environment variables (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, VOLCENGINE_REGION) and declares a primary credential 'volc_flink_local_config' in SKILL.md — all expected for a CLI-based cloud integration. The problem: the top-level registry metadata omitted these requirements. Verify whether the platform will actually grant access to those config paths/env vars or whether the metadata omission hides required privileges.
Persistence & Privilege: okThe skill does not request 'always: true' or other elevated persistence. It does state may_access_config_paths for the user's volc_flink config (reasonable for this purpose). There is no indication the skill self-modifies other skills or system-wide settings.