Huawei Cloud Anomaly Detection Skill (华为云异常检测技能)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it also creates temporary cloud credentials and checks the account billing balance while documenting only read access to CTS audit logs (`cts:trace:list`).

Install only if you are comfortable granting this skill access to Huawei Cloud audit logs (CTS), temporary credential creation (IAM), and billing balance data (BSS). Use a least-privilege test account first, verify the exact IAM and BSS permissions the script actually exercises, and do not enable scheduled runs until the billing check is optional or explicitly approved.
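One way to do that verification before installing is a static pass over the skill's script that lists every cloud API endpoint it touches and compares the permission each endpoint needs against what the skill's documentation declares. The following is an added example, not code from SkillSpector or from the scanned skill. The sample script and SKILL.md excerpt are constructed to mirror the findings on this page; the endpoint paths and the IAM/BSS action names mapped to them are assumptions made for the example and must be checked against the Huawei Cloud API reference for each service.

```python
"""Static intent-code divergence check for an agent skill (added example).

Scans a skill's script for cloud API endpoints, maps each to the permission
it needs, and reports calls whose permission the skill's documentation does
not declare. Endpoint-to-action mapping is an assumption for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class UndeclaredCall:
    line: int       # line in the script where the endpoint appears
    endpoint: str   # matched endpoint text
    action: str     # permission the call needs but the docs do not declare


# Assumed endpoint patterns and action labels; verify against the real
# service references (CTS, IAM, BSS) before relying on this table.
ENDPOINT_ACTIONS = [
    (re.compile(r"/v3/[^/\s\"']+/traces"), "cts:trace:list"),
    (re.compile(r"/v3\.0/OS-CREDENTIAL/securitytokens"), "iam:securitytokens:create"),
    (re.compile(r"/v2/accounts/customer-accounts/balances"), "bss:balance:view"),
]

# Permissions are expected to be declared in docs as backtick-quoted
# `service:resource:action` tokens, e.g. `cts:trace:list`.
PERMISSION_RE = re.compile(r"`([a-z]+:[a-z_-]+:[a-z_-]+)`")


def declared_permissions(doc_text: str) -> set[str]:
    """Collect every permission token the documentation declares."""
    return set(PERMISSION_RE.findall(doc_text))


def called_actions(script_text: str) -> list[tuple[int, str, str]]:
    """Return (line, endpoint, action) for each known endpoint in the script."""
    calls = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        for pattern, action in ENDPOINT_ACTIONS:
            match = pattern.search(line)
            if match:
                calls.append((lineno, match.group(0), action))
    return calls


def find_undeclared_calls(script_text: str, doc_text: str) -> list[UndeclaredCall]:
    """Endpoints the script calls whose permission the docs never mention."""
    declared = declared_permissions(doc_text)
    return [
        UndeclaredCall(lineno, endpoint, action)
        for lineno, endpoint, action in called_actions(script_text)
        if action not in declared
    ]


# Constructed sample: a script that does more than its documentation says.
SAMPLE_SCRIPT = '''\
import requests

def get_temp_creds(iam_endpoint, token):
    return requests.post(f"{iam_endpoint}/v3.0/OS-CREDENTIAL/securitytokens",
                         headers={"X-Auth-Token": token})

def list_traces(cts_endpoint, project_id, token):
    return requests.get(f"{cts_endpoint}/v3/{project_id}/traces?trace_type=system",
                        headers={"X-Auth-Token": token})

def check_balance(bss_endpoint, token):
    return requests.get(f"{bss_endpoint}/v2/accounts/customer-accounts/balances",
                        headers={"X-Auth-Token": token})
'''

# Constructed sample: documentation that declares only the CTS read permission.
SAMPLE_DOC = '''\
# Huawei Cloud Anomaly Detection Skill
Required permission: `cts:trace:list` (read-only access to CTS traces).
'''


if __name__ == "__main__":
    print("declared:", sorted(declared_permissions(SAMPLE_DOC)))
    for call in find_undeclared_calls(SAMPLE_SCRIPT, SAMPLE_DOC):
        print(f"line {call.line}: {call.endpoint} needs {call.action} (undeclared)")
```

Run against the real skill by replacing the two constructed samples with the script file and SKILL.md contents; any row in the output is a permission the operator is being asked to grant without having been told.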

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The documentation advertises a billing/arrears check but later claims that only the `cts:trace:list` permission is required. The two statements are inconsistent and mislead users about the real scope of access and the data being queried. In a cloud security skill, inaccurate permission disclosure is dangerous: operators may authorize or run capabilities they never reviewed, and any undisclosed dependency on billing or account APIs extends access well beyond audit-log inspection.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The script claims to check only CTS anomalies, yet it also creates temporary access keys and queries the account's billing/debt status. This hidden expansion of scope violates least surprise and causes the tool to touch credential and financial-account data beyond its stated purpose, which is risky in an agent skill context where operators grant trust based on the description alone.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrases are broad and conversational, such as asking to 'check recent abnormal operations', and could match ordinary user speech and invoke the log-query behavior without deliberate intent. Because the skill reads cloud audit context, accidental invocation can expose operational details, user identities, failed authentication events, and resource actions to someone who did not explicitly request a security audit.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation provides a ready-to-run command containing a real-looking project ID but does not warn that executing it queries cloud audit logs, which may contain sensitive security and operational data. This lowers the barrier to running the tool against production environments and normalizes pasting identifiers into commands without considering data exposure, authorization, or the audit trail the query itself leaves.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger example "看看最近有什么异常操作" ("show me any recent abnormal operations") is broad and conversational, so accidental invocation is plausible when a user is asking generally about recent activity rather than explicitly invoking this skill. Because the skill runs cloud audit queries and analyzes potentially sensitive operational logs, unintended activation could expose audit metadata or cause the agent to act in a security-sensitive context without clear user intent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script silently requests temporary cloud credentials and then reads billing/debt information without informing the user. In an agent skill, undisclosed access to credentials and financial/account metadata raises the likelihood of over-privileged execution and unauthorized collection of sensitive operational data.

VirusTotal

VirusTotal findings are pending for this skill version.
