Byted Viking Developer
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override, base64-block, unicode-control-chars); human review is required before treating this skill as clean.
This looks like a reference/documentation skill rather than executable software. Install it only if you want Viking SDK guidance, verify important examples against official docs, and require explicit confirmation before using any credentialed, destructive, bulk, export, or long-term-memory operation. ClawScan detected prompt-injection indicators (system-prompt-override, base64-block, unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or developer applies these examples to the wrong project, collection, or index, Viking data or resources could be changed or deleted.
The SDK documentation includes destructive and bulk cloud-data operations, such as batch deletion and irreversible index deletion.
`task_type=filter_delete`,可按条件批量删除 Collection 中的文档 ... DeleteVikingdbIndex 接口用于删除指定 Collection 下的索引,删除后无法恢复。
Use these docs with explicit user confirmation for destructive actions, test on non-production resources first, and keep backups or rollback plans.
Provider credentials can authorize real account operations, so misuse or overly broad credentials could affect cloud resources and data.
The documentation shows use of provider access credentials for signed API requests, including PrivateLink examples.
def prepare_request(method, path, ak, sk, ...): ... r.set_shema("http") ... credentials = Credentials(ak, sk, "air", "cn-north-1")Use least-privilege AK/SK or temporary credentials where possible, avoid pasting secrets into chat logs, and verify endpoint and project scope before running examples.
Applications built from these docs may persist personal or behavioral information, which can create privacy and retention obligations.
The skill explicitly covers long-term memory systems that store and retrieve user profiles and event memories.
适用于构建具备长期记忆能力的 AI Agent,支持存储和检索用户画像及事件记忆。
Define consent, retention, deletion, and data-minimization rules before storing user profile or event memories.
Users have less provenance information for confirming that examples match official Viking or Volcengine documentation.
The registry metadata does not provide an upstream source or homepage for verifying the documentation bundle.
Source: unknown; Homepage: none
Before using examples for production or credentials, compare critical snippets with official provider documentation.