aliyun-oss-upload

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says: it uploads user-chosen files to Aliyun OSS and creates temporary access links, with no evidence of hidden exfiltration or persistence.

Install only if you intend to let the agent upload selected local files to your Aliyun OSS bucket. Use dedicated least-privilege RAM credentials or temporary STS credentials, avoid broad account keys, keep signed URL expirations short, and confirm that files are safe to upload before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation requires use of sensitive OSS credentials via environment variables, but the skill metadata shown does not declare that it needs access to environment-based secrets. That mismatch can weaken user awareness and platform controls, increasing the chance that an agent is granted implicit access to credentials without explicit review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions ask users to set long-lived access key ID and secret values, but do not warn that these are highly sensitive credentials that must not be logged, shared, committed, or exposed in shells and transcripts. This creates a realistic risk of credential leakage, which could allow unauthorized access to the OSS bucket or broader cloud resources depending on key scope.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is designed to upload local files to cloud storage and generate shareable signed URLs, but it does not warn users about data exfiltration, accidental upload of sensitive local files, or the risks of redistributing temporary links. In an agent context, this omission is security-relevant because users may not realize that local data is being transferred off-host and made accessible to others for the duration of the URL.

VirusTotal

64/64 vendors flagged this skill as clean.
