ClawHub

Volcengine CLI

v1.0.5

Create and manage Volcengine cloud resources using the Volcengine CLI (`ve` command). Supports all Volcengine services including ECS, VPC, CLB, RDS, Redis, a...

2· 285·0 current·0 all-time
bysdk-team@volc-sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is advertised as a Volcengine CLI helper and indeed requires the 've' binary and Volcengine AK/SK/REGION environment variables. The included scripts call api.volcengine.com to search and fetch OpenAPI docs, which is consistent with the stated goal of locating APIs and building requests.
Instruction Scope
SKILL.md keeps actions focused on running 've' commands, using --DryRun for writes, and locating API parameters via included scripts. The doc explicitly forbids reading ~/.volcengine/config.json (sensitive). One minor note: allowed-tools includes generic Read/Write, which in theory grants file access; however the instructions themselves avoid reading sensitive files. Verify that any agent implementation enforces the declared safety rules rather than ignoring them.
Install Mechanism
There is no automatic install spec (instruction-only). The SKILL.md documents installing 've' via the official npm package or GitHub releases, which are reasonable, traceable sources. The included helper scripts are simple Python clients that fetch data from Volcengine's official API endpoints — no obfuscated or remote arbitrary-code download URLs were used.
Credentials
The skill requires VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, and VOLCENGINE_REGION only — exactly the credentials needed to run Volcengine CLI commands. These variables are declared and the primaryEnv matches the expected primary credential. No unrelated secrets or extra cloud provider credentials are requested.
Persistence & Privilege
always:false and no install-time modifications are requested. The skill does not request permanent platform-level privileges or modify other skills. Autonomous invocation is enabled by default (normal) but not combined with other red flags.
Assessment
This skill appears coherent: it will run 've' commands and may call Volcengine's API docs endpoints; to use it safely, only provide Volcengine credentials you trust the skill with (prefer short-lived or least-privilege keys), verify the 've' binary you install (npm package name and GitHub releases), and avoid storing long-lived root credentials in your environment. Note the SKILL.md explicitly says not to read ~/.volcengine/config.json — confirm the agent enforces that rule before granting file-read permissions. If you do not trust the skill's source or cannot limit the credentials, do not install or provide credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk970e9fdeb6vpdrx197tqxfced82t927

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsve
EnvVOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, VOLCENGINE_REGION
Primary envVOLCENGINE_ACCESS_KEY

Comments