Back to skill

Security audit

bigdata-dws-huawei-cloud-dws-dymem-diag

Security checks across malware telemetry and agentic risk

Overview

The skill performs a disclosed, read-only Huawei Cloud DWS memory diagnosis and creates a local HTML report, with no evidence of deception, exfiltration, or destructive behavior.

Before installing, confirm that users are comfortable allowing the agent to query DWS diagnostic metrics through existing Huawei Cloud credentials and to leave a timestamped HTML report in the workspace. Treat generated reports as sensitive because they may include cluster identifiers, host details, database usernames, and SQL text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to save a generated HTML report into the local workspace, creating a side effect beyond its stated diagnostic/output function. Unrequested file creation can persist sensitive operational data locally and violates least-privilege expectations for a diagnostic skill, especially when the user is not clearly informed.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Local file-write capability is not necessary for performing memory diagnosis itself; it expands the skill's authority from read/analysis into persistence. That increases the attack surface for data leakage, unintended artifact accumulation, or abuse of the workspace as covert storage if the skill is triggered repeatedly.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes broad terms such as 'OOM', 'high memory', and 'memory usage' that are not tightly scoped to DWS, increasing the chance of unintended activation in unrelated contexts. Because the skill performs autonomous environment checks and data collection, accidental invocation can lead to unnecessary access to cluster metadata and metric queries.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill mandates writing an HTML report to the workspace without a user-facing warning or consent step. This is dangerous because the report may contain sensitive cluster names, node names, IPs, usernames, and SQL text, all of which become persistent local artifacts that users may not expect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.