Byted Volc Cdn Manage

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate CDN management skill, but it can make live Volcengine CDN changes and handles powerful credentials with limited safety warnings.

Install only if you are comfortable giving this skill access to Volcengine CLI credentials that can manage CDN resources. Use least-privilege AK/SK credentials, avoid pasting real secrets into commands or examples, verify every domain and URL before submitting, and treat refresh/preload/add-domain scripts as live production-affecting operations, not dry runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation describes CDN refresh and preload operations as routine workflows without clearly warning that they can immediately modify live cache state and affect what end users see. In production, an operator could unintentionally invalidate critical cached assets, trigger origin load spikes, or expose newly changed content before intended rollout controls are in place.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill tells users to configure AK/SK credentials but does not explain that these are sensitive secrets that grant API access and must not be exposed in logs, scripts, screenshots, or shared terminals. This omission increases the risk of credential leakage and subsequent unauthorized CDN/domain management actions through the user's account.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example for private TOS origin includes explicit credential fields (`AccessKeyId` and `AccessKeySecret`) embedded in documentation, even though they are placeholder values. In a skill that helps manage CDN domains via CLI, users may copy-paste examples directly and substitute real secrets into shell history, shared docs, logs, or version control without any warning about sensitive secret handling, increasing credential exposure risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The guide tells users to pass AccessKey and SecretKey directly as command-line arguments to `ve configure set`. Secrets supplied on the command line can be exposed through shell history, process listings, terminal logging, and audit tooling, which creates a real credential leakage risk even in otherwise legitimate documentation.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script performs a real `ve cdn AddCdnDomain` API call using whatever AK/SK credentials are already configured, but it does not clearly warn the user that invoking this step will transmit account-authenticated configuration to Volcengine and create/modify remote resources. In an agent-skill context, this is more dangerous than a normal admin script because users may treat the workflow as a dry-run helper and not realize it causes an authenticated external side effect.

VirusTotal

64/64 vendors flagged this skill as clean.
