Exposed secret literal
- Finding: File appears to expose a hardcoded API secret or token.
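A check that reproduces this finding class on a source file: it flags string literals assigned to credential-named variables, while ignoring reads from the environment and obvious placeholders. This is an added example, not ClawScan's scanner or the skill's code; the variable names are assumptions modelled on the environment variables the skill documents, and the sample source (including the fake key value) is constructed for the demonstration.

```python
"""Flag hardcoded secret literals in Python source.

Added example, not ClawScan's own scanner. Variable names and the sample
source below are constructed; the key value is a made-up placeholder."""
import re
from typing import List, Tuple

# <name> = "<literal>" (or single quotes); the trailing part of the line may be a comment.
_ASSIGN = re.compile(
    r"""^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*(?P<q>["'])(?P<val>[^"']+)(?P=q)""")
# Names that suggest credential material.
_SENSITIVE = re.compile(r"(secret|token|api[_-]?key|access[_-]?key|password)", re.I)
# Values that are clearly placeholders rather than real secrets.
_PLACEHOLDER = re.compile(
    r"^(<[^>]+>|\$\{?[A-Z_][A-Z0-9_]*\}?|your[-_ ].*|changeme|x{3,}|\.\.\.)$", re.I)


def scan_source(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, variable_name) for each suspicious literal assignment.

    Reads such as os.environ["..."] do not start with a quote after '=' and
    are never matched; placeholder values and very short strings are skipped
    to keep the check low-noise.
    """
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = _ASSIGN.match(line)
        if not m or not _SENSITIVE.search(m.group("name")):
            continue
        val = m.group("val")
        if _PLACEHOLDER.match(val) or len(val) < 8:
            continue
        findings.append((lineno, m.group("name")))
    return findings


# Constructed sample; the secret value is fake.
SAMPLE = """\
import os
VOLCENGINE_ACCESS_KEY = os.environ["VOLCENGINE_ACCESS_KEY"]   # read from env: fine
VOLCENGINE_SECRET_KEY = "FAKE-example-secret-0123456789"      # literal: flagged
ARK_SKILL_API_KEY = "<your-ark-key>"                          # placeholder: skipped
region = "cn-beijing"                                         # not a credential name
"""

if __name__ == "__main__":
    for lineno, name in scan_source(SAMPLE):
        print(f"line {lineno}: hardcoded literal assigned to {name}")
```

Run it over the skill's files before installing; a hit on a `*_SECRET_KEY` or `*_API_KEY` name with a real-looking value is the condition this finding describes. The regex approach is deliberately conservative (exact assignment form only), so treat it as a first pass rather than proof of absence.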
Security checks across static analysis, malware telemetry, and agentic risk
This skill appears to be a coherent Volcengine cloud-phone automation integration, but it uses sensitive cloud credentials and can perform real mobile actions, so users should run it only on intended resources.
Install this only if you intend to automate a Volcengine Cloud Phone. Use least-privilege credentials through environment variables or a trusted proxy, consider pinning the Python dependency, avoid prompts that expose sensitive data or authorize purchases unintentionally, and keep the run ID so you can monitor or cancel the task.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A prompt could cause the cloud phone agent to click buttons, fill forms, or otherwise change state in mobile apps.
The skill is explicitly intended to turn natural-language prompts into remote mobile UI actions. This is purpose-aligned, but those actions can affect app state or accounts on the cloud phone.
Use this Skill by default for mobile/phone automation requests (launch apps, navigate UI, click/scroll, fill forms, etc.).
Use clear, narrow prompts, avoid sensitive or financial actions unless you are watching the run, and use the cancellation command if the run behaves unexpectedly.
Over-privileged or mishandled credentials could allow access to Volcengine resources beyond the specific run the user intended.
The skill needs privileged service credentials to call Volcengine APIs. That is expected for the integration, but the registry's credential declarations do not list these keys, so a reviewer reading only the registry metadata would not see what the skill actually requires.
Prefer Ark Skill API proxy when `ARK_SKILL_API_BASE` and `ARK_SKILL_API_KEY` are present... set `VOLCENGINE_ACCESS_KEY` and `VOLCENGINE_SECRET_KEY` as an alternative credential pair.
Provide credentials only through trusted environment variables or a trusted Ark proxy, use least-privilege Volcengine keys where possible, and avoid pasting secrets into chat.
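The credential precedence the SKILL.md describes (Ark proxy first, the `VOLCENGINE_*` pair as fallback), written as an environment-only resolver. This is an added example, not the skill's own code; the `Credentials` type, `CredentialError`, and `prompt_contains_credential` are assumptions introduced here. It refuses partial pairs, keeps secrets out of `repr()` so they do not leak into logs or tracebacks, and lets a caller reject a prompt that carries a configured secret before it is sent to the provider or proxy.

```python
"""Environment-only credential resolution for the cloud-phone skill.

Added example, not the skill's code. Names below other than the four
documented environment variables are assumptions for this demonstration."""
import os
from dataclasses import dataclass
from typing import Mapping, Optional

ARK_VARS = ("ARK_SKILL_API_BASE", "ARK_SKILL_API_KEY")
VOLC_VARS = ("VOLCENGINE_ACCESS_KEY", "VOLCENGINE_SECRET_KEY")


class CredentialError(RuntimeError):
    """Raised when no complete credential pair is configured."""


@dataclass(frozen=True, repr=False)
class Credentials:
    mode: str                    # "ark-proxy" or "volcengine"
    values: Mapping[str, str]    # only the variables for the chosen mode

    def __repr__(self) -> str:   # never echo secret values
        return f"Credentials(mode={self.mode!r}, keys={sorted(self.values)})"


def resolve_credentials(env: Optional[Mapping[str, str]] = None) -> Credentials:
    """Prefer the Ark Skill API proxy; fall back to the Volcengine key pair.

    Both variables of a pair must be present and non-empty; a half-set pair is
    an error rather than a silent fallback, so a typo cannot route a run to
    the wrong credential source.
    """
    env = os.environ if env is None else env
    if all(env.get(v) for v in ARK_VARS):
        return Credentials("ark-proxy", {v: env[v] for v in ARK_VARS})
    if all(env.get(v) for v in VOLC_VARS):
        return Credentials("volcengine", {v: env[v] for v in VOLC_VARS})
    present = [v for v in ARK_VARS + VOLC_VARS if env.get(v)]
    raise CredentialError(
        f"set both of {ARK_VARS} or both of {VOLC_VARS}; present: {present}")


def prompt_contains_credential(prompt: str, creds: Credentials) -> bool:
    """True if any configured secret value appears verbatim in the prompt.

    Prompts are forwarded to the provider/proxy and stored with run results,
    so a pasted key would be persisted outside the user's control.
    """
    return any(val and val in prompt for val in creds.values.values())


if __name__ == "__main__":
    creds = resolve_credentials()   # reads the real environment
    print(creds)                    # mode and key names only, no values
```

Wire `prompt_contains_credential` in front of the run submission and abort on a hit; the cost is one substring scan per prompt, and it closes the "pasted a secret into chat" path the advice above warns about.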
A dependency update could change behavior or introduce vulnerabilities outside the reviewed skill files.
The dependency is unpinned, so future installs may resolve to a newer package version than the one reviewed here.
volcengine-python-sdk
Pin and verify the dependency version in controlled environments before using the skill with sensitive credentials.
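A check for the "pin and verify" advice: it reads a requirements file and reports, for each package you care about, whether the spec is an exact `==` pin with a `--hash=` digest, an exact pin without hashes, an unpinned or range spec, or absent. This is an added example, not the skill's install spec or a ClawScan component; the version and digest in the pinned sample are constructed placeholders, not the real package's values.

```python
"""Classify dependency pins in a requirements file.

Added example, not the skill's install spec. SAMPLE_* inputs are constructed;
the version and sha256 digest are placeholders, not real package values."""
import re
from typing import Dict, Iterable

# <name><optional version spec>; options such as --hash follow after whitespace.
_REQ = re.compile(r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?P<spec>[<>=!~]=?\s*[^\s;#\\]+)?")


def _norm(name: str) -> str:
    return name.lower().replace("_", "-")


def check_pins(requirements: str, required: Iterable[str]) -> Dict[str, str]:
    """Map each required package to 'pinned+hashed', 'pinned', 'unpinned' or 'missing'."""
    status = {_norm(n): "missing" for n in required}
    # pip allows "\" line continuations; join them so --hash stays with its requirement.
    for raw in requirements.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment, or option-only line
            continue
        m = _REQ.match(line)
        if not m:
            continue
        name = _norm(m.group("name"))
        if name not in status:
            continue
        spec = (m.group("spec") or "").replace(" ", "")
        if spec.startswith("=="):
            status[name] = "pinned+hashed" if "--hash=sha256:" in line else "pinned"
        else:
            status[name] = "unpinned"
    return status


# Constructed samples: the unpinned form matches what the skill declares today.
SAMPLE_UNPINNED = "volcengine-python-sdk\n"
PLACEHOLDER_DIGEST = "0" * 64   # substitute the digest of the reviewed wheel/sdist
SAMPLE_PINNED = (
    "volcengine-python-sdk==0.0.0 \\\n"          # placeholder version
    f"    --hash=sha256:{PLACEHOLDER_DIGEST}\n"
)

if __name__ == "__main__":
    for label, text in (("unpinned", SAMPLE_UNPINNED), ("pinned", SAMPLE_PINNED)):
        print(label, check_pins(text, ["volcengine-python-sdk"]))
```

Anything other than `pinned+hashed` means a later install can pull a release that was not part of this review; generate the hashed line from the exact artifact you tested (pip's `--hash` option is what `pip install --require-hashes` enforces) rather than hand-writing it.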
Mobile prompts, screenshots, run results, or screen recordings may contain private information and be processed or stored by the configured provider services.
The skill can send run prompts/results to Volcengine or an Ark proxy and can optionally store screen recordings in TOS. This is disclosed and purpose-aligned, but it may involve sensitive app content.
`--is-screen-record`: Enable screen recording... `--tos-bucket`: TOS bucket for screen recording storage
Do not use this skill on apps containing sensitive personal or business data unless the provider, proxy, and storage bucket are trusted and appropriately configured.