Skills
skills/volcengine/volcengine-skills/volcengine-tosutil/Gen Agent Trust Hub

volcengine-tosutil

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions and commands to download the tosutil binary from official Volcengine cloud storage endpoints (e.g., volces.com). These are verified vendor resources.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of the tosutil binary on the user's host system to perform object storage operations. This execution is the primary and intended function of the skill.
  • [COMMAND_EXECUTION]: The skill constructs shell commands from user-supplied parameters and executes them via subprocess.run. It uses safe practices like argument list construction and provides documentation for manual installation involving sudo for directory placement.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive cloud access credentials, including Access Keys, Secret Keys, and STS Tokens. It includes robust logic to redact these credentials from all command previews and logs to prevent accidental exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 07:14 AM
Security Audit — agent-trust-hub — volcengine-tosutil