Volcengine Deploy

Security checks across malware telemetry and agentic risk

Overview

This is a deployment helper that can make real Volcengine changes, but its high-impact behavior is mostly explicit, user-directed, and aligned with its stated purpose.

Install only if you want an agent to help deploy to Volcengine and you are comfortable granting it cloud CLI access. Before any deploy, verify the Volcengine account, region, resource strategy, public ports, and expected spend; treat `--yes` deploy steps and `poll-status --cmd` values as commands that need explicit review, and do not pass untrusted text into the polling helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented command `vefaas deploy --newApp <app-name> ... --yes` performs a live deployment with automatic confirmation, but the surrounding guidance does not explicitly tell the operator that this will create or modify real cloud resources and deploy code immediately. In an agent skill context, that omission is more dangerous because an automated agent may execute the step non-interactively, increasing the chance of unintended production changes, unexpected spend, or accidental exposure of an unreviewed build.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script executes the user-supplied `--cmd` value with `eval`, which causes shell metacharacters, command substitution, separators, and variable expansions to be interpreted as code. If any untrusted or indirectly user-controlled input reaches `--cmd`, an attacker can execute arbitrary shell commands on the deployment host, and the polling/retry behavior can repeatedly re-run the payload.

VirusTotal

64/64 vendors flagged this skill as clean.
