arkcli-shared
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate configuration layer for the 'arkcli' tool by Volcengine. All external references, including the npm installation command '@volcengine/ark-cli', point to official vendor resources.
- [SAFE]: Security is prioritized through explicit instructions to never output full secrets, API keys, or tokens. It also mandates that explaining/debugging output should go to stderr to avoid polluting structured stdout results.
- [SAFE]: A human-in-the-loop mechanism is enforced for high-risk operations such as deleting profiles, rotating API keys, or creating endpoints. The agent is instructed to use the AskUser tool to obtain explicit confirmation before proceeding with these actions.
- [SAFE]: Authentication workflows are handled securely, including a specific 'two-stage' login process for non-interactive (non-TTY) environments that prevents common pitfalls like credential leakage in logs or session blocking.
- [SAFE]: The skill implements strict command routing rules to ensure the agent uses specialized product commands (like '+chat' or '+gen') instead of potentially more dangerous raw API calls unless absolutely necessary.
Audit Metadata