Back to skill

Security audit

devtools-devtools-common-huawei-cloud-find-skills

Security checks across malware telemetry and agentic risk

Overview

This Huawei Cloud skill finder is mostly transparent, but it directs broad, non-interactive installation of other skills that can persistently change the agent environment.

Use this only when you explicitly want to find or install Huawei Cloud skills. Before running the install step, review the matched skill and confirm you trust its source, because the documented commands install remote skill code non-interactively and the installed skill may then guide cloud-management actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
This is a mismatch because the declared purpose explicitly includes installing Huawei Cloud skills, but the code only searches and lists skills from a remote index and never performs any installation action. The external fetching, category filtering, and keyword expansion are consistent with search/discovery functionality, but the absence of installation is a material gap between description and behavior.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
L203 states the skill is 'read-only' and does not create cloud resources, but the documented core workflow includes Step 3 installation commands that modify the local environment by adding skills with `npx skills add` or `npx clawhub install` (L129-L145). This is an active contradiction in the file's own intent documentation, not merely an omitted implementation detail.

Vague Triggers

High
Confidence
96% confidence
Finding
The manifest says to invoke the skill to 'search, discover, browse, find and install any Huawei Cloud agent skill' and later instructs 'For any Huawei Cloud query or management task' to use this skill first. That scope is much broader than a narrowly defined trigger and can overlap with many ordinary Huawei Cloud requests, creating a risk of unintended invocation without clear boundaries or exclusions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document directs the agent to run `npx skills add` or `npx clawhub install` commands with `-y`, which performs package/skill installation non-interactively. Although the commands are documented, there is no user-facing warning that installation modifies the local environment or recommendation to confirm before proceeding.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.