Alicloud Ai Cloud Call Center

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud CCC helper, but it gives an agent broad credentialed cloud-change guidance without enough explicit approval safeguards.

Install only if you want an agent to help operate Alibaba Cloud CCC. Use least-privilege RAM credentials, prefer a test or non-production account first, restrict use to Alibaba Cloud endpoints and the documented output directory, and require explicit approval before any Create, Update, Modify, Set, or Delete-style operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions while clearly instructing use of environment credentials, local file writes, and outbound network access to Alibaba Cloud metadata and business APIs. This under-specification is dangerous because it hides the real trust boundary from users and reviewers, making unintended credential use, data exfiltration, or cloud-side changes easier to trigger without informed consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill claims to manage CCC resources, but the documented quickstart primarily performs metadata discovery, API enumeration, and local artifact generation. That mismatch is risky because users may authorize the skill for operational management while it also performs broader reconnaissance and writes additional local outputs that were not clearly disclosed in the primary description.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation condition says to use the skill whenever the user is working on CCC operations, which is broad enough to trigger in many ambiguous situations. In a cloud-management context, overbroad routing increases the chance the agent will access credentials, inspect resources, or prepare mutating API workflows when the user only wanted advice or high-level information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow explicitly recommends Create, Update, Modify, and Set operations but does not require an explicit warning or confirmation about operational impact. In a cloud call-center environment, accidental mutation can disrupt production telephony configuration, routing, users, or service availability, making the context more dangerous than a read-only informational skill.

VirusTotal

65/65 vendors flagged this skill as clean.