!
Purpose & Capability
The SKILL.md declares this is a wrapper around the lasutil CLI and requires LAS_API_KEY/LAS_REGION and sometimes VOLCENGINE_ACCESS_KEY/VOLCENGINE_SECRET, but the registry metadata lists no required env vars or binaries. The skill implicitly requires lasutil, python3, jq and pip, yet 'required binaries' is empty. This mismatch between declared metadata and actual needs is incoherent and unexpected.
!
Instruction Scope
Runtime instructions and scripts read .env files, source a local env_init.sh (which may install/upgrade an SDK), instruct the agent to upload local files to TOS and to prompt the user for API keys if missing. The flow requires sending PDF data to Volcengine endpoints (expected for the stated purpose), but also instructs or automates storing/reading keys from local files (env.sh/.env) which increases risk of accidentally persisting secrets. The SKILL.md also mandates specific UI wording for billing statements—an operational constraint but not a security issue.
!
Install Mechanism
Although the registry lists 'no install spec', scripts/env_init.sh will fetch a remote manifest and pip-install a wheel from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/... . That causes arbitrary remote code to be written/executed in the agent environment at runtime. The wheel is hosted on a non-standard third-party URL rather than a widely auditable release host (e.g., PyPI or GitHub releases). This is higher risk than an instruction-only skill that does not fetch code.
!
Credentials
SKILL.md requires LAS_API_KEY (and LAS_REGION) and sometimes asks for VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET_KEY when downloading outputs from TOS. None of these are declared in the registry metadata. Requiring multiple cloud credentials (and instructing the user to write them into a local env file) is disproportionate to a simple parser wrapper unless explicitly documented in metadata and privacy/security policy.
✓
Persistence & Privilege
The skill does not request 'always: true' or system-wide privileges. It does include a background polling script (for long-running jobs), but that is a normal component for an async API wrapper. The skill does create a temporary workdir and may create a virtualenv in project root (.las_venv) if missing—this is standard but worth noting.
Scan Findings in Context
[remote-pip-install-from-unfamiliar-host] unexpected: env_init.sh downloads and pip-installs a wheel from a non-standard domain (las-ai-cn-beijing-online.tos-cn-beijing.volces.com). Installing remote code at runtime is not strictly necessary to 'explain how to call an API' and increases risk. If you trust the vendor, this may be acceptable; otherwise it is unexpected.
[uses-external-cli-labeled-as-required-in-docs] expected: The skill wraps the 'lasutil' CLI (submit/poll/file-upload/pdf-pages), which is expected for a CLI wrapper. However, the registry metadata did not list lasutil or other binaries as required, creating an inconsistency.
[reads-local-env-files-and-requests-secrets] unexpected: The skill instructs sourcing .env or creating env.sh with LAS_API_KEY and will read them automatically. Asking users to put API keys in a file in the current directory is a convenience but increases the chance of credential leakage; this behavior was not declared in registry metadata.
What to consider before installing
This skill appears to implement a legitimate PDF→Markdown wrapper around Volcengine LAS, but there are important mismatches and risky behaviors you should consider before installing or running it:
- Metadata mismatch: The registry says no required env vars/binaries, but SKILL.md and scripts require LAS_API_KEY, LAS_REGION (and potentially VOLCENGINE_ACCESS_KEY/SECRET) and rely on the lasutil CLI, python3, jq, and pip. Verify you are comfortable providing those credentials and that lasutil is available.
- Remote code install: The env_init.sh script may pip-install a wheel from a vendor-specific URL at runtime. If you don't trust that host, do not run env_init.sh; instead ask the skill author for a vetted, signed release or prefer an SDK from an auditable source (PyPI/GitHub releases). Run the install steps in an isolated environment (container or VM) if you need to test.
- Secrets handling: The skill suggests storing API keys in .env or env.sh files. Avoid putting long-lived secrets into chat or non-encrypted files. If possible, create a scoped/temporary API key for testing and rotate it afterward.
- Operational safety: The skill uploads local files to Volcengine/TOS for processing; ensure you are allowed to transmit that data to the provider and that no sensitive data leaks. Confirm retention/expiration of pre-signed URLs.
- Ask the author: Request clarification about the manifest/wheel URL, why the registry metadata omits required env vars/binaries, and whether the wheel can be obtained from a standard package host. If the author cannot justify these inconsistencies, treat the skill as risky.
If you decide to proceed, run it in a sandboxed environment, supply only limited-scope credentials, and inspect the contents of any downloaded wheel before executing it.
