v1.0.0

Byted Data Label

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:25 AM.

Analysis

This looks like a real Seederive API helper, but it needs review because it uses cloud secret keys, uploads user data to a remote service, can change or delete labeling resources, and auto-installs a dependency.

Guidance: Install only if you trust the Seederive/VolcEngine endpoint and publisher. Use a dedicated least-privilege AK/SK, confirm before uploading files or raw data, require explicit approval before delete/backfill/model/prompt changes, and consider manually installing pinned dependencies instead of allowing runtime pip installation.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
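This Skill must be used whenever the user mentions any of the following scenarios... even if the user does not directly mention "Seederive"... whenever it involves classifying/labeling/analyzing/translating/scoring a batch of texts... this Skill should be triggered.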

The skill directs the agent to use Seederive for broad generic analysis and translation tasks, not only when the user asks for Seederive. This can redirect user intent toward an external platform.

User impact: The agent may upload or process data through Seederive when the user expected a normal local or model-only answer.
Recommendation: Treat Seederive use as opt-in for generic requests; disclose that data will be sent to the platform and ask for confirmation before invoking it.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
scripts/seederive.py
def task_delete(args, config):
    """Delete a task"""
    _delete(config, f"/task/{args.id}")

The CLI performs destructive cloud task deletion directly when invoked. The references also document update, delete, backfill, tag-base deletion, and model-change commands without an explicit confirmation step.

User impact: If the agent misinterprets a request or uses the wrong ID, it could delete or modify cloud-side labeling resources.
Recommendation: Require explicit user confirmation, show the target resource name/ID, and prefer reversible or preview steps before delete, backfill, model, or prompt changes.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Concern
scripts/seederive.py
except ImportError:
    print("缺少 requests 库,正在安装...")
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "requests", "-q"])

The script automatically installs an unpinned package from pip during normal execution, despite there being no install spec or declared dependency.

User impact: Running the skill may download and execute third-party package code in the user's Python environment without a separate install review.
Recommendation: Declare dependencies in the install spec, pin versions or hashes, and avoid runtime pip installs inside the operational script.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
scripts/seederive.py
access_key = os.environ.get("VOLCENGINE_ACCESS_KEY", "")
secret_key = os.environ.get("VOLCENGINE_SECRET_KEY", "")
...
"Volc-Secret-Key": config["secret_key"]

The script reads cloud AK/SK credentials and sends the secret key in outbound headers. This high-impact credential use is not reflected by the registry metadata's no-credential/no-env-var declarations.

User impact: A broad VolcEngine key could authorize account-level actions or expose sensitive account access to the configured API endpoint.
Recommendation: Use a dedicated least-privilege key, verify the publisher and endpoint before use, and ensure the skill metadata explicitly declares the credential requirement and expected scope.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
scripts/seederive.py
DEFAULT_BASE_URL = "https://sd6qlcofkmfq59riqgli0.apigateway-cn-beijing.volceapi.com"
...
resp = requests.post(_url(config, path), headers=_headers(config), files=files, data=data)

The script posts user-supplied files and data to an external API endpoint. This is expected for a cloud labeling platform, but the artifacts do not describe data retention, workspace boundaries, or privacy handling.

User impact: CSV, Excel, raw text, and labeling examples may leave the local environment and be processed by the remote service.
Recommendation: Confirm user consent before uploading data, avoid sensitive or regulated data unless approved, and document the endpoint, retention, and access boundaries.