ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Viking Knowledgebase

v1.0.0

当用户提到知识库时,默认使用此技能进行处理,进行 Viking 知识库服务进行相关操作

0· 84·0 current·0 all-time
by@volcengine-skills

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for volcengine-skills/byted-viking-knowledgebase.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Byted Viking Knowledgebase" (volcengine-skills/byted-viking-knowledgebase) from ClawHub.
Skill page: https://clawhub.ai/volcengine-skills/byted-viking-knowledgebase
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install byted-viking-knowledgebase

ClawHub CLI

Package manager switcher

npx clawhub@latest install byted-viking-knowledgebase
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The code implements a knowledgebase search against api-knowledgebase.mlp.cn-beijing.volces.com which matches the stated purpose. However, the skill's README and code disagree on required environment variables and dependencies (see below), so the declared requirements don't fully align with what the code actually needs.
!
Instruction Scope
SKILL.md instructs the agent/user to set VIKING_KBSVR_API_KEY and VIKING_KBSVR_API_SECRET and to install volcengine and aiohttp. The runtime script (scripts/search.py) actually asserts VIKING_KBSVR_ID and VIKING_KBSVR_API_KEY; it does not read VIKING_KBSVR_API_SECRET and it uses requests + volcengine.Request. The SKILL.md omits VIKING_KBSVR_ID and mentions an API secret that the code doesn't use — an instruction/code mismatch that could cause failures or unexpected behavior.
Install Mechanism
This is an instruction-only skill with no install spec (low install risk). A requirements.txt is provided, but there is no automated install step. Note: requirements.txt lists volcengine and aiohttp, but the script imports requests and volcengine; requests is not listed, which is an implementation/dependency mismatch (functional bug, not an install-hostile pattern).
!
Credentials
The skill actually requires VIKING_KBSVR_ID and VIKING_KBSVR_API_KEY (both read from the environment) but SKILL.md documents API_KEY and API_SECRET instead. The code does not use API_SECRET. The mismatch means users may supply incorrect secrets or omit the required service ID; additionally, the skill will send the provided API key to a third-party domain (api-knowledgebase.mlp.cn-beijing.volces.com), so you should ensure the key is scoped/limited and that you trust the service.
Persistence & Privilege
The skill does not request permanent/always-on privileges (always: false) and does not modify other skills or system-wide settings. It only runs a local Python script that makes outbound HTTP calls.
What to consider before installing
This skill mostly does what its name says (search a Viking knowledgebase), but its documentation, dependency list, and code disagree. Before installing, verify these items: 1) The script requires VIKING_KBSVR_ID and VIKING_KBSVR_API_KEY (SKILL.md currently omits the ID and asks for an API secret that the code doesn't use) — update the docs or code so they match. 2) The script uses the requests library but requirements.txt doesn't include requests; add it if you plan to run the script. 3) The script sends your API key to api-knowledgebase.mlp.cn-beijing.volces.com — only use a least-privilege API key you trust to be sent there. 4) Test the script in an isolated environment before granting any real credentials. If you want to proceed, ask the author to correct SKILL.md and requirements.txt (or review and fix the script) so there are no hidden/mismatched expectations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxw6djnp06dh0pp4dhbhmy983wh40
84downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@volcengine-skills
latest
Download

Viking 知识库

本技能帮助您搜索知识库中的知识。

功能

  • 从知识库搜索知识

运行前,请确保以下几点:

  1. 确保用户已设置如下环境变量
    • 火山引擎知识服务 API Key,名称为 VIKING_KBSVR_API_KEY
    • 火山引擎知识服务 API Secret,名称为 VIKING_KBSVR_API_SECRET
  2. 请确保已安装了 Python 库:pip install volcengine 以及 pip install aiohttp

搜索知识库

python scripts/search.py "搜索查询关键词"

其中:

  • "搜索查询关键词":你需要根据用户需求生成搜索查询关键词,用于搜索知识库中的知识

该脚本将返回给您知识库中与查询关键词相关的知识内容列表

Comments

Loading comments...