Back to skill

Security audit

storage-obs-huawei-cloud-cci-instance-management

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Huawei Cloud CCI operations guide that can change cloud resources, but its risky actions are purpose-aligned and guarded by explicit confirmation rules.

Install only if you intend the agent to help manage Huawei Cloud CCI resources. Use least-privilege Huawei Cloud credentials, verify the target region and namespace before mutation commands, require explicit confirmation before deletes, and do not share credential values or debug output that may contain sensitive request details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list includes very broad terms such as 'namespace', 'deployment', and 'pod', which are common across many Kubernetes and cloud contexts. This can cause the skill to activate in conversations that are not specifically about Huawei Cloud CCI, increasing the chance that destructive or credential-sensitive guidance is surfaced in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.