Back to skill

Security audit

storage-obs-huawei-cloud-obs-upload

Security checks across malware telemetry and agentic risk

Overview

This Huawei OBS skill appears to be a normal cloud-storage helper, but its activation scope is too broad for a skill that may handle uploads and cloud credentials.

Install only if you specifically want an agent to help with Huawei Cloud OBS. Before using it, make sure upload, delete, or credential-related actions are confirmed explicitly and that the skill is not being invoked for generic file-upload tasks that should go somewhere else.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is broad enough to match generic storage and upload requests such as 'upload file', 'upload directory', or 'object storage', which can cause the skill to activate outside the intended Huawei OBS context. In an agent system, overbroad routing can send user data or file-operation requests to a cloud-upload skill unexpectedly, increasing the chance of unintended local file enumeration, cloud actions, or credential-check flows.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.