Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Tos Doc Process

v1.0.0

Generates pre-signed URLs for Bytedance TOS `doc-preview` processing to preview and convert documents to PDF, images (PNG/JPG), or HTML, and to export page r...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name/description match the provided scripts and SKILL.md: all files implement Bytedance/Volcengine TOS 'doc-preview' workflows (PDF/image/HTML/batch). However the registry metadata lists no required environment variables/primary credential while the SKILL.md and all scripts clearly require TOS credentials (TOS_ACCESS_KEY, TOS_SECRET_KEY, TOS_ENDPOINT, TOS_REGION) plus typical config (TOS_BUCKET, TOS_OBJECT_KEY). This metadata omission is inconsistent and could mislead users about required secrets.
Instruction Scope
The runtime instructions and scripts consistently describe generating pre-signed URLs via the tos SDK and performing HTTP requests to fetch previews or trigger server-side saves. They operate on the stated service (TOS) and only reference expected files/headers (e.g., x-tos-total-page) and decode an HTML token via URL-safe base64 for HTML previews. There are no instructions to read unrelated system files or exfiltrate data outside TOS endpoints.
Install Mechanism
There is no install spec — risk is low. The repository includes a minimal requirements.txt (only 'tos') and example scripts. Nothing in the manifest attempts to download or execute arbitrary remote archives. The only external dependency is the public 'tos' Python package.
Credentials
The skill needs sensitive credentials and config (TOS_ACCESS_KEY, TOS_SECRET_KEY, TOS_ENDPOINT, TOS_REGION, and commonly TOS_BUCKET/TOS_OBJECT_KEY). That is proportionate to the task. The concern is that the registry metadata and declared 'primary credential' fields do not reflect these requirements (they're listed as none), which is a mismatch that could hide the need to supply secrets. Also the skill will accept full AK/SK credentials — users should prefer short-lived STS tokens and least-privilege keys.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills or system-wide agent settings. It performs normal local file writes for downloaded previews and may ask TOS to save processed results back to a bucket (via x-tos-save-bucket/object) — both are expected for the stated functionality.
Scan Findings in Context
[base64-block] expected: The repository and SKILL.md/README include a long URL-safe base64 token example used to illustrate HTML-preview parsing and decoding. This is expected for the feature (scripts parse and urlsafe-base64-decode tokens) and is not, by itself, an injection attempt — but long embedded tokens can trigger heuristics.
What to consider before installing
- The scripts require TOS credentials and configuration (TOS_ACCESS_KEY, TOS_SECRET_KEY, TOS_ENDPOINT, TOS_REGION, and typically TOS_BUCKET and TOS_OBJECT_KEY). The registry metadata incorrectly omitted these requirements — assume you must supply them.
- These are sensitive credentials. Prefer using short-lived STS credentials (TOS_SECURITY_TOKEN) and least-privilege keys (read-only for preview, or a narrowly-scoped write permission if using save-to-bucket). Do not provide full account keys unless necessary.
- Review the included scripts yourself (they are shipped with the skill). They generate pre-signed URLs and make HTTP requests to TOS, save files locally, and optionally request TOS to write converted outputs back to a bucket. Ensure output paths and save buckets are what you expect.
- The README/SKILL.md include large base64 tokens as examples for HTML-preview decoding; these are sample data used by the parsing logic and not necessarily malicious, but confirm any real tokens/URLs you use are legitimate.
- Verify the 'tos' Python package is the official SDK from a trusted source (PyPI) before pip-installing it in your environment.
- Run the skill in a controlled environment the first time (isolated VM/container), and avoid exposing high-privilege keys. If you test with production credentials, consider rotating them afterwards.

If you want to proceed: provide minimally-privileged credentials, or use an STS token, and double-check TOS_BUCKET/TOS_OBJECT_KEY values. If you do not control the skill's origin/trust, treat it as untrusted code and review thoroughly before supplying secrets.

Like a lobster shell, security has layers — review code before you run it.
