Skills
skills/bytedance/agentkit-samples/skills-registration/Gen Agent Trust Hub

skills-registration

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python script that interacts with the local file system to package skills.
  • It uses the zipfile module to archive local directories into a .zip file located in the outputs/ directory.
  • It utilizes argparse to accept local directory paths from the user.
  • [EXTERNAL_DOWNLOADS]: The script performs network operations to upload data and register services with Volcengine.
  • It connects to sts.volcengineapi.com to retrieve account identity information using STS (Security Token Service).
  • It uploads the generated zip archive to Volcengine TOS (TOS) via the VeTOS client.
  • It makes API calls to open.volcengineapi.com to register the skill using the CreateSkill action.
  • [CREDENTIALS_UNSAFE]: The skill manages cloud credentials to perform its registration tasks.
  • It requires VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY environment variables.
  • The instructions in SKILL.md guide the AI agent to assist the user in setting up these credentials by writing them to a workspace environment file if they are missing. This is a standard setup helper and does not involve hardcoded secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 03:50 AM