volcengine-mongodb
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard cloud management tool for Volcengine MongoDB.
- [CREDENTIALS_UNSAFE]: The skill requires "VOLCENGINE_ACCESS_KEY" and "VOLCENGINE_SECRET_KEY" for authentication. It follows security best practices by requesting these via environment variables rather than hardcoding secrets or storing them in plain text files.
- [EXTERNAL_DOWNLOADS]: The skill uses the official "volcengine-python-sdk" package, which is the legitimate library provided by the vendor (Bytedance) for managing Volcengine resources.
- [COMMAND_EXECUTION]: The agent is instructed to execute "scripts/call_mongodb.py" using "uv" or "python". The script uses "argparse" to handle CLI arguments, which is a secure way to process user input without risk of shell injection.
Audit Metadata