arkcli-helper

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and install the @byted-supabase/cli package from the public npm registry, enabling database integration capabilities. This is a legitimate vendor tool provided by the author.\n- [COMMAND_EXECUTION]: It invokes the arkcli binary and the byted-supabase-cli to perform configuration management, authentication, and MCP server injection tasks across various supported AI agents.\n- [DATA_EXFILTRATION]: The skill retrieves and stores Volcengine API keys and authentication tokens in local configuration files (such as ~/.claude.json and ~/.trae/mcp.json) to authorize the host AI agent to use Volcengine Ark services. This behavior is consistent with the skill's primary function as a configuration manager.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 08:29 AM
Security Audit — agent-trust-hub — arkcli-helper