arkcli-train-finetune

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the official Ark SDK from the vendor's domain (ark-public-example-cn-beijing.tos-cn-beijing.volces.com) during the fallback setup process. This action is guarded by an explicit user confirmation prompt.
  • [REMOTE_CODE_EXECUTION]: The skill installs and executes the downloaded SDK package (ark_sdk-latest.tar.gz) to perform complex reinforcement learning tasks that exceed the capabilities of the standard CLI.
  • [COMMAND_EXECUTION]: Extensive use of shell commands through arkcli and the ark SDK for authentication, task creation, monitoring, and environment management (e.g., venv creation, pip installation).
  • [CREDENTIALS_UNSAFE]: The skill manages authentication tokens by writing STS (Short Term Session) data to the local configuration file at ~/.ark/authorization.json. It includes safeguards to prevent overwriting existing sessions without user consent.
  • [DATA_EXPOSURE]: Processes user-provided datasets from local files and Volcengine TOS (Object Storage) URLs for training and validation. It implements local validation using structured JSON parsers to ensure data integrity before submission.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 02:03 AM
Security Audit — agent-trust-hub — arkcli-train-finetune