ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Bytehouse Multimodal Search

v1.0.0

ByteHouse 多模态检索 Skill,支持文本、图片、视频的向量化存储和混合检索。当用户需要在ByteHouse数据库中进行多模态向量化存储和混合检索时,使用此Skill。

0· 69·0 current·0 all-time
by@volcengine-skills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The implementation matches the stated purpose: it calls a Volcano Engine (Ark) embeddings API and interacts with ByteHouse (ClickHouse) to create tables, insert embeddings, and run searches. However the registry metadata declares no required environment variables or primary credential even though the code clearly expects ARK_API_KEY and ByteHouse connection credentials (BYTEHOUSE_HOST, BYTEHOUSE_USER, BYTEHOUSE_PASSWORD, etc.). That omission is an inconsistency to be aware of.
Instruction Scope
SKILL.md reasonably limits instructions to installing Python dependencies and setting environment variables for ByteHouse and Ark. It does not attempt to access unrelated system files. Minor mismatch: SKILL.md claims the skill will 'prompt' the user if env vars are not set, but the provided code reads os.environ and does not implement prompting; that could lead to runtime failures or unexpected behavior when env vars are absent. The code also attempts to import/use an MCP client (mcp_client) if available, which will cause network interactions and delegation to another client if present—this is within scope but worth noting.
Install Mechanism
There is no formal install spec in the registry (instruction-only install), but SKILL.md requests pip installs (clickhouse-connect, volcengine-python-sdk[ark], numpy). Installing dependencies via pip is common and traceable to PyPI, but the package names should be verified for authenticity. Because the skill ships Python code files in the package, the skill will run code on the host when invoked — review the included files before executing.
!
Credentials
The environment access required by the code (ARK_API_KEY, ARK_BASE_URL, EMBEDDING_MODEL, EMBEDDING_DIMENSIONS and multiple BYTEHOUSE_* credentials) is proportionate to the declared functionality. The concern is that the registry metadata lists no required env vars or primary credential; this mismatch reduces transparency and increases the chance of accidental credential exposure. Additionally, the client constructs SQL and table names via Python f-strings without full sanitization, which can lead to SQL-injection-like risks if untrusted input is provided (table_name and content are interpolated).
Persistence & Privilege
The skill does not declare always:true and it does not request persistent/privileged system modifications. It does attempt to prefer an MCP client and may connect out to remote services at runtime, but there is no code that modifies other skills or system-wide settings.
What to consider before installing
This skill appears to implement the ByteHouse + Volcano Engine Ark multimodal search it claims, but there are important caveats to review before installing or running it: - Registry metadata omission: The registry declares no required env vars or primary credential, but the code needs ARK_API_KEY (for embeddings) and BYTEHOUSE_* credentials (host, user, password, database). Treat this omission as a transparency issue — do not provide high-privilege credentials without verifying the source. - Limit credentials and scope: Create and supply least-privilege credentials (a ByteHouse user limited to the specific database/tables and an API key with only embedding permission) rather than root/admin DB credentials. - Review and test code locally: The package includes Python scripts. Inspect them (you already have them) and run in a sandboxed environment before giving it network access or real credentials. - Beware SQL construction: insert_document and other methods build SQL using f-strings and interpolate table_name and content; avoid passing untrusted values or sanitize inputs first to prevent injection or malformed SQL. - Verify third-party packages: SKILL.md instructs pip installing clickhouse-connect and volcengine-sdk. Confirm these are the official packages, and consider installing into an isolated virtual environment. - MCP client behavior: The code tries to use an mcp_client if present (it may call other tools or skills). If you rely on MCP, understand what that client does; if unsure, initialize the search client with prefer_mcp=False. - Network/data exfiltration: The skill will send content (text/image/video URLs) and embeddings to external Ark endpoints and connect to your ByteHouse instance. Do not pass sensitive data (personal data, secrets) unless you accept that it will be transmitted to those endpoints. If you need higher assurance: ask the publisher for an explicit list of required env vars in the registry and for a signed package or known homepage. If you cannot verify the source, run in a restricted environment or decline installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cnpyxmrqd4p676pbp7ypq583mdkq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments