Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Byted Viking Developer
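v1.0.0
Guides developers in integrating and using the Viking SDK, covering installation, authentication, API calls, and troubleshooting for the Viking vector database, knowledge base, and memory store. Use it when the user needs to call the Viking SDK for business code development or has questions about Viking.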
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description promise a developer guide for Viking SDKs; included files are extensive SDK docs and examples for VikingDB, KnowledgeBase and Memory in multiple languages. There are no unrelated binaries, env vars, or install steps requested — the requested surface is proportional to a docs-only SDK helper.
Instruction Scope
SKILL.md and resource files are documentation and code samples for SDK usage, private-link setup, signature generation, etc. They do not instruct the agent to read unrelated system files or to exfiltrate data. However the pre-scan detected 'system-prompt-override', 'base64-block', and 'unicode-control-chars' patterns in SKILL.md (possible prompt-injection artifacts). Also the SKILL.md says it requires other tools (Trae, OpenCode, Codex, Antigravity) and 'does not support OpenClaw' — that is an odd constraint for an OpenClaw skill and may be misleading for users expecting native OpenClaw integration.
Install Mechanism
This is instruction-only with no install spec and no code files to write/execute. That is the lowest-risk install mechanism and consistent with being a documentation skill.
Credentials
The skill declares no required environment variables or credentials (none in requires.env). Resource examples include code that takes AK/SK and shows how to sign requests and use private endpoints (e.g., SignerV4 usage, placeholders like ak/sk, 'your host'), which is expected for SDK docs but means the skill contains examples that, if executed, require secrets. The absence of declared required env vars is coherent for documentation, but be cautious: if you plan to use code snippets you must provide AK/SK — the skill will not manage or request them explicitly.
Persistence & Privilege
always:false and no special persistence or privileged actions requested. The skill does not request to modify other skills or system settings.
Scan Findings in Context
[system-prompt-override] unexpected: A 'system-prompt-override' pattern was detected in SKILL.md content by the regex scanner. A developer guidance skill should not include constructs that try to replace or manipulate the agent system prompt; inspect the raw SKILL.md for hidden instructions or injected prompt text.
[base64-block] unexpected: A 'base64-block' pattern was flagged. Large base64 blobs in a docs-only skill are unexpected and may hide obfuscated payloads or data; check for any base64-encoded sections in the resources and decode them to verify they are benign (e.g., images) before trusting the skill.
[unicode-control-chars] unexpected: Detection of 'unicode-control-chars' suggests there may be hidden control characters (e.g., to obfuscate or alter displayed content). These can be used to hide instructions or injection payloads; review the raw files (not a rendered view) and remove/confirm any unexpected control characters.
What to consider before installing
This package appears to be a documentation-heavy Viking SDK developer guide (Python/Go/Java) and is generally coherent for that purpose, but proceed cautiously:
1) Inspect SKILL.md and the included resource files in a text editor that shows hidden/control characters; search for and decode any base64 blobs to confirm they are just images or legitimate data.
2) Look for any hidden or overwritten system-prompt text or explicit instructions telling the agent to run arbitrary commands — the scanner flagged prompt-injection patterns which can be benign false positives but merit manual review.
3) The docs include sample code that expects AK/SK and private endpoints; do not paste production credentials into unknown examples. If you plan to run samples, do so in an isolated environment and use limited-scope/test credentials.
4) Confirm the 'requires other tools / not supported on OpenClaw' note — if you rely on OpenClaw native behavior, test that the skill actually works as expected.
5) If you are unsure, keep this skill read-only (no autonomous invocation), validate contents manually, and only provide secrets after auditing the snippets that will use them.
resources/Viking 知识库/SDK参考/Go SDK/核心流程.md:108
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
