火山引擎市场洞察助手。帮助用户获取品牌在各大社交平台和媒体渠道上的公开内容数据,通过 AI 筛选出真正值得关注的信息,并发现潜在商机线索。当用户提到以下任何场景时使用此技能:想知道最近网上有没有人在讨论自己的品牌或产品、想看看竞品最近在社交媒体上有什么动态、想了解某个话题或事件在网上的讨论热度和趋势、想定期获取和...
Security Analysis
medium confidenceSkill mostly implements what it claims (Gateway/SDK switching for Volcengine Insight) but has a few security-relevant behaviors that are surprising or require user attention: it scans shell rc files, can auto-install a Python SDK, and persists credentials in plaintext under persist/, plus debug logging may print response bodies.
Name/description align with the code: client exposes list_custom_subs_task / pull_post / query_clue_info and the code expects either an API Gateway (ARK_SKILL_API_BASE / ARK_SKILL_API_KEY) or official SDK (VOLCSTACK_ACCESS_KEY_ID / VOLCSTACK_SECRET_ACCESS_KEY). Requested env vars and providers are coherent with the declared purpose.
SKILL.md and code instruct the agent to read environment variables, read simple `export` lines from common shell rc files (~/.bashrc, ~/.zshrc, etc.), and persist state/credentials to persist/*. The code also prints a debug snippet of HTTP response bodies (gateway_provider._debug_response_summary) which could expose sensitive response contents despite claims of log sanitization.
Registry has no install spec (instruction-only), but auth_resolver declares it will attempt to auto-install the `volcengine-python-sdk>=5.0.22` (pip). Auto pip install from PyPI is a moderate-risk behavior (expected for using the SDK, but it modifies the runtime environment). The package source appears to be the public package name, not an arbitrary URL.
The skill only requests credentials relevant to the stated providers (ARK_* and VOLCSTACK_*). However it will scan users' home rc files for those variables (read-only) and will persist credentials provided via 'minimal ask' into persist/auth.json in plaintext. Both behaviors are functional but increase exposure of secrets on disk and during logging.
Skill persists state and user-supplied credentials to persist/state.json and persist/auth.json under the skill root. Persisting sensitive credentials in plaintext is a notable risk. The skill is not marked always:true and does not modify other skills, but plaintext storage and auto-install behavior increase its persistence/privilege impact.
Guidance
This skill appears to implement a legitimate Volcengine Insight client, but you should be aware of and accept a few privacy/security tradeoffs before installing: - It will look for credentials in your environment and will read simple `export VAR=VALUE` lines from shell rc files in your home directory (only specific ARK_/VOLCSTACK_ variables). If you keep secrets in rc files, they may be discovered by the skill. - If no credentials are available, the skill will persist credentials you (or the agent) provide into persist/auth.json in the skill folder — unencrypted. If you do not want credentials written to disk, do not use the minimal-ask flow or remove/secure that file after use. - The skill may auto-install the official `volcengine-python-sdk` via pip when the SDK path is needed. If you wish to avoid on-the-fly installs, run in an isolated environment or pre-install the SDK yourself; check for an env var like MARKET_INSIGHT_AUTO_PIP to disable auto-install (quick_validate references this var). - Debug logs include a snippet of HTTP response bodies (up to 500 chars), which could reveal sensitive data. If you run this in a shared or production environment, redirect or suppress debug output and inspect gateway_provider._debug_response_summary behavior. Recommended mitigations before use: 1) Review the code (auth_resolver.ensure_sdk_available and logging) in full and decide whether to allow auto pip installs. 2) Run the skill in an isolated virtualenv/container and pre-install the SDK if needed. 3) Ensure persist/ is placed on secure storage (or remove persist/auth.json and persist/state.json when finished), and restrict file permissions. 4) Avoid storing other secrets in your rc files, or remove those exports before running the skill. 5) If you require stronger protections, request the vendor provide an option to store credentials encrypted or to disable persistence and rc scanning. If you want, I can point out the exact lines that log response bodies and the locations where the skill writes credentials so you can audit or patch them.
Latest Release
v1.0.1
**Summary:** This version introduces a unified and dynamic provider system, a persistent credentials mechanism, and better security/compliance for the market insight agent Skill. - Abstracted Gateway and SDK logic into providers, with dynamic selection based on environment and runtime state. - Added automatic credential detection from environment, shell RC files, and a private persist directory, minimizing interruptions for credential requests. - Now persists provider status and credentials for cross-session reuse, using `persist/auth.json`. - Stronger security: no hardcoded credentials, no auto-upload/deploy logic, and logs are auto-masked for sensitive data. - Self-check script `scripts/quick_validate.py` is included for static environment validation. - Substantial refactor: Deprecated old scripts/APIs, added new provider-agnostic client code and updated documentation for usage and credential flow.
Popular Skills
Published by @volcengine-skills on ClawHub
