Volcengine Sdk Generator

Security checks across malware telemetry and agentic risk

Overview

The skill is broadly a Volcengine SDK sample generator, but it needs Review because it includes insecure HTTP/SSL-disable examples and can send raw user queries to Volcengine during lookup.

Install only if you are comfortable with SDK lookup data being sent to Volcengine and you will review generated or referenced code before using it. Do not copy the HTTP or SSL-disable settings into production; keep HTTPS and certificate verification enabled, and avoid placing real credentials or secrets in prompts or Params.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The alias file expands a skill advertised for SDK-example generation into discovery and routing coverage for a very large set of cloud services, including clearly mutating operations such as create, delete, update, start, stop, authorize, and terminate. Even if the skill only intends to generate code, this broad action vocabulary increases the chance of misrouting benign user prompts into sensitive operational API targets and materially widens the blast radius of downstream tool use.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The alias mapping includes GetAuthorizationToken and also covers STS AssumeRole-related credential acquisition, which are sensitive token or temporary-credential retrieval flows not necessary for many SDK-example requests. In a skill that accepts natural-language triggers, these aliases can steer users toward secrets-bearing operations or generate code patterns that normalize credential retrieval without strong justification or guardrails.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "镜像列表" is highly generic and can match many unrelated image-listing requests, causing the ranker to route users to the ECS DescribeImages action unexpectedly. While not directly destructive, ambiguous routing can lead to wrong API selection, confusing responses, and unwanted exposure of infrastructure-oriented actions in contexts unrelated to ECS.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The phrase "制作镜像" is ambiguous and can refer to many image-building contexts, yet it maps to the ECS CreateImage action, a mutating operation. Because this skill is positioned as SDK-example generation, broad natural-language matching to a create action raises the risk of accidental operational targeting and generation of code for unintended resource creation workflows.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The pattern "查询基础模型" is broad enough to capture generic model-discovery requests outside the Ark service, which can cause incorrect routing to Ark model APIs. In a multi-skill environment, this kind of overbroad alias degrades isolation and can misdirect users away from the correct tool or service context.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document includes `apiClient.setVerifyingSsl(false)` and `apiClient.setDisableSSL(true)` as normal configuration examples without any warning that they disable certificate validation or TLS entirely. In an SDK integration reference, users may copy these settings into production code, enabling man-in-the-middle attacks, credential theft, and tampering of signed API traffic, especially since this skill deals with AK/SK, STS, and other sensitive authentication flows.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation includes example code that explicitly sets `setSchema('http')` and `setVerifySsl(false)` without any warning, which normalizes insecure transport and can lead users to send credentials and API traffic without confidentiality or authenticity guarantees. In this skill’s context, that is especially risky because the same document discusses AK/SK, STS, OIDC, SAML, and other credential flows, so copied examples could expose sensitive secrets to man-in-the-middle interception or endpoint spoofing.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The SSL/proxy example includes `configuration.scheme = "http"` and `configuration.verify_ssl = False` without any warning that these settings disable transport security. In a code-generation/reference skill, users may copy these examples verbatim, which can expose credentials, session tokens, and API traffic to interception or man-in-the-middle attacks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code can automatically send the user's raw query to `api.volcengine.com` via `remote_search`, including on fallback when local ranking returns no hits, without any consent, warning, or minimization. User queries may contain sensitive internal API names, credentials pasted by mistake, or proprietary context, creating an information disclosure risk to an external service.

Unsafe Defaults

Medium
Category
Tool Misuse
Content
```python
configuration.scheme = "http"
configuration.verify_ssl = False
configuration.ssl_ca_cert = "/path/to/ca-bundle.crt"
configuration.proxy = "http://proxy:8080"
configuration.http_proxy = "http://proxy:8080"
```
Confidence
99% confidence
Finding
verify_ssl = False

VirusTotal

65/65 vendors flagged this skill as clean.
