Skill v1.0.0

ClawScan security

volcengine-web-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 10, 2026, 5:01 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (run a Volcengine web search script) is plausible, but the runtime instructions say it will read cloud credentials (VOLCENGINE_ACCESS_KEY / SECRET) and attempt VeFaaS IAM credentials while the registry metadata does not declare any required environment variables—this mismatch and the presence of an executable script deserve review before installing.
Guidance
Before installing: review the scripts/web_search.py source to confirm exactly what it sends/receives and whether it logs or transmits any local data. Do not supply your VOLCENGINE_ACCESS_KEY/SECRET_KEY unless you trust the source; prefer creating a least-privilege API key for testing. Ask the publisher why the registry metadata omits required env vars and why the skill will use VeFaaS IAM credentials. If you want the model to require explicit permission before running networked code, set disableModelInvocation: true or avoid installing skills that can auto-run code with your credentials. If unsure, run the script in a sandboxed environment (isolated VM or container) and inspect network traffic first.

Review Dimensions

Purpose & Capability
Rating: note
The skill name/description (volcengine web search) matches the included script that likely calls Volcengine's web search API. Requesting VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY is reasonable for that purpose, but the registry metadata lists no required environment variables—an inconsistency that should be explained.
Instruction Scope
Rating: concern
SKILL.md instructs the agent to run python scripts/web_search.py and explicitly says the script will read VOLCENGINE env vars or use VeFaaS IAM temporary credentials. That means the skill will access cloud credentials and make network calls. The instructions do not show any safeguards or state what data is sent/returned beyond a summary list; reliance on platform IAM creds (VeFaaS) is unexpected and broadens scope.
Install Mechanism
Rating: ok
No install spec (instruction-only) — lowest installer risk. However, the skill includes an executable script that will be run from disk; this is low-risk in terms of installation but means you must review the script before executing it.
Credentials
Rating: concern
The runtime docs declare that the script will read VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY and may use VeFaaS IAM temporary credentials, yet the skill metadata declares no required env vars or primary credential. Asking for cloud credentials is proportionate to web-search functionality, but the omission in metadata and the automatic use of platform IAM credentials are problematic and could grant broader access than the user expects.
Persistence & Privilege
Rating: note
The skill is not marked 'always' and no install is required, but disableModelInvocation is not set, so the model could invoke the skill autonomously if enabled. Combined with credential access, that allows the agent to perform networked searches without an explicit user prompt—consider whether you want that behavior.