! Purpose & Capability
The SKILL.md clearly requires LAS_API_KEY (and optionally LAS_REGION / VOLCENGINE_ACCESS_KEY & SECRET for certain flows), but the registry metadata lists no required env vars — a mismatch. Requiring TOS output paths and TOS credentials is reasonable for a service that writes back to user buckets, but the skill also contains files (generate_result.md.sh) that reference ASR/transcript outputs, which does not match a pure video-resize purpose and suggests copy/paste or leftover artifacts.
! Instruction Scope
The runtime instructions tell the agent to source scripts/env_init.sh (which fetches a remote manifest and may pip-install a wheel), to read/supply LAS_API_KEY (including asking user to create env files), to upload local files via lasutil, submit tasks, and optionally run a background poll script. Sourcing a project .env is explicitly performed by scripts; that can expose unrelated secrets if a user .env exists. The requirement that the user provide an output_tos_dir and the explicit step-by-step workflow are coherent, but the instruction set gives the agent permission to run network downloads and execute installs — a significant expansion of scope beyond mere API calls.
! Install Mechanism
There is no declared install spec, but scripts/env_init.sh fetches a remote manifest via curl and pip-installs a wheel from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/operator_cards_serving/public/skills/sdk/las_sdk-0.2.0-py3-none-any.whl. That is a dynamic remote download and install (archive execution) performed at runtime when the agent sources the script. Even if the host appears related to Volcengine, installing a wheel from an external URL at runtime is a higher-risk pattern and should be verified.
! Credentials
SKILL.md requires LAS_API_KEY and LAS_REGION (and notes that VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET may be needed for certain output-download flows), but the registry metadata claims no required env vars — inconsistent. The scripts will source a .env file if present, which can unintentionally load unrelated secrets into the agent environment. The number of env variables requested is small and appropriate for the service, but the practice of sourcing an entire project .env and asking users to place keys in env.sh is risky and should be limited to the minimum-required variables only.
ℹ Persistence & Privilege
always:false (normal). The skill's scripts create/activate a local virtual environment (.las_venv) and create a temporary LAS_WORKDIR, and may pip-install packages into the venv; this writes to disk and installs code, but is scoped to the skill's directory/venv. The skill does not request always:true and does not modify other skills' config. The main concern is the runtime ability to install and run arbitrary code fetched from the network.
ℹ Scan Findings in Context
[remote-manifest-curl] unexpected: env_init.sh fetches a manifest from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com. Fetching remote manifests can be expected for an SDK updater, but it increases risk if the host is not verified. The registry provided no homepage/owner info to corroborate trust.
[remote-wheel-pip-install] expected: env_init.sh pip-installs a wheel from the remote URL. Installing an SDK is expected for a CLI-wrapper skill, but runtime installation of an unverified wheel from a remote URL is a high-risk operation and should be explicitly disclosed and validated by the user.
[source-dot-env] unexpected: scripts source PROJECT_ROOT/.env if present. While convenient to find LAS_API_KEY, sourcing an entire .env can load unrelated secrets into the execution environment, which is disproportionate and risky.
[leftover-asr-artifacts] unexpected: scripts/generate_result.md.sh and some result text reference ASR, transcript.txt, and audio_info which do not belong in a video-resize operator. This indicates copy/paste or incomplete cleanup and reduces confidence in the package's care/intent.
[lasutil-cli-usage] expected: The skill wraps lasutil CLI commands (submit/poll/file-upload). That is expected for a tool that uses the LAS operator CLI.
What to consider before installing
This skill appears to implement Volcengine LAS video resizing but has several red flags you should address before running it:
- Verify the missing metadata: SKILL.md requires LAS_API_KEY / LAS_REGION but the registry lists no required env vars — expect to supply LAS_API_KEY. Ask the publisher to clarify and add a homepage or official source.
- Inspect env_init.sh before sourcing: it downloads a manifest and pip-installs a wheel from a remote URL. Do not run this script unless you trust that host. Prefer installing the official SDK from a verified package index or vendor-provided URL.
- Avoid allowing the scripts to source your entire .env. If you must provide LAS_API_KEY, set it in a minimal, dedicated location (or export it just for the command) instead of revealing other secrets.
- The repo contains ASR-related leftovers (transcript handling), which suggests careless copying. Test the skill in an isolated sandbox or VM before using it with production credentials or sensitive data.
- If you need this functionality but are unsure of the origin, ask the publisher for provenance (homepage, repo, or organization), a signed release, or a verified pip package name; otherwise consider implementing a minimal wrapper that only calls the official LAS API endpoints you trust.
If you decide to proceed, run scripts only after manual review, and keep LAS_API_KEY scoped to the minimal permissions required (and rotate it afterward if you suspect exposure).