Volcengine VeADK Skills

Security checks across malware telemetry and agentic risk

Overview

This VeADK skill generates agent code and saves it to the local filesystem. Its behaviour is consistent with its stated purpose, but users should review the output paths and the generated code before running it.

Install this only if you want an agent to generate VeADK project files. Before allowing the save step, check that the destination paths are inside your intended project directory, avoid overwriting existing files unintentionally, and review any generated agent code before running it, especially if it includes a Python code-execution tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill explicitly instructs the agent to invoke a local file-writing script (`python save_file.py --path ... --content ...`) but does not declare permissions or constrain writable paths. In an agent environment, undocumented write capability can be abused to overwrite arbitrary files, drop code artifacts, or persist unwanted content without clear user awareness or consent.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The stated purpose is VeADK-related agent generation, but the behavior includes generic file creation and saving to arbitrary paths, which is broader than the declared scope. This mismatch is dangerous because users or orchestrators may grant trust based on the description while the skill performs more privileged, generally applicable filesystem actions than advertised.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The trigger conditions are broad enough to match ordinary requests for agent building or code conversion, which can cause the skill to activate in situations beyond its intended safe scope. Overbroad activation increases the chance that file-writing and code-generation behavior is invoked unexpectedly, especially when the user did not specifically request filesystem side effects.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill instructs the agent to save code artifacts via a script, but it does not clearly warn users in advance that it will write files and create directories. Hidden or under-disclosed file-writing behavior is dangerous because it can lead to unintended local changes, overwrites, or persistence of generated code without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.