Alicloud Ai Pai Aiworkspace

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent helper for Alibaba Cloud PAI AIWorkspace. Its instructions disclose that, in service of its cloud-management purpose, it reads credentials from the environment, makes network calls to Alibaba Cloud OpenAPI endpoints, and writes local output files.

Install only if you want an agent to help with Alibaba Cloud PAI AIWorkspace tasks. Use least-privilege AccessKeys, set the intended region explicitly, review any create/update/modify/set operation before it runs, and inspect or delete files in output/alicloud-ai-pai-aiworkspace/ if they contain resource IDs or API response details.
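The guardrails above (read-only by default, explicit region, human review of mutating calls, a sweep of the output directory for identifiers and secrets) can be enforced on the agent side. The following is an added example and is not code from the skill, from SkillSpector, or from Alibaba Cloud's SDK. It assumes OpenAPI action names follow the Verb+Noun convention (ListWorkspaces, UpdateWorkspace), that AccessKey IDs begin with "LTAI", a hypothetical ALIBABA_CLOUD_REGION_ID variable for the region, and a constructed JSON artifact standing in for a real API response.

```python
"""Agent-side guardrails for a PAI AIWorkspace skill (added example)."""
import json
import re
from pathlib import Path

# Assumption: OpenAPI actions are Verb+Noun; these verbs change cloud state.
# Anything else is treated as read-only.
MUTATING_PREFIXES = ("Create", "Update", "Modify", "Set", "Delete")

# Assumption: Alibaba Cloud AccessKey IDs start with "LTAI".
ACCESS_KEY_ID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,}\b")
SECRET_FIELDS = {"AccessKeySecret", "SecurityToken", "Password"}


def classify_action(action: str) -> str:
    """Return "mutating" for state-changing actions, otherwise "read"."""
    return "mutating" if action.startswith(MUTATING_PREFIXES) else "read"


def gate_action(action: str, approved: set) -> bool:
    """Allow read actions; allow a mutating action only if approved by name."""
    if classify_action(action) == "read":
        return True
    return action in approved


def resolve_region(env: dict) -> str:
    """Take the region from the environment and fail closed if it is unset."""
    region = env.get("ALIBABA_CLOUD_REGION_ID")  # hypothetical variable name
    if not region:
        raise ValueError("region not set; refusing to fall back to a default")
    return region


def inspect_artifact(text: str) -> dict:
    """Report AccessKey IDs, secret fields and resource IDs in one output file."""
    report = {"access_key_ids": len(ACCESS_KEY_ID_RE.findall(text)),
              "secret_fields": [], "id_fields": []}
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return report  # non-JSON file: only the regex scan applies

    def walk(node, path=""):
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                if key in SECRET_FIELDS:
                    report["secret_fields"].append(here)
                elif key.endswith("Id") and isinstance(value, str):
                    report["id_fields"].append(here)
                walk(value, here)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(doc)
    return report


def sweep_output_dir(root: Path) -> dict:
    """Inspect every file the skill left under its output directory."""
    return {str(p.relative_to(root)): inspect_artifact(p.read_text())
            for p in sorted(root.rglob("*")) if p.is_file()}


# Constructed sample artifact, shaped like a generic OpenAPI response.
SAMPLE_ARTIFACT = json.dumps({
    "RequestId": "A1B2C3D4-0000-1111-2222-333344445555",
    "Workspaces": [{"WorkspaceId": "ws-example", "WorkspaceName": "demo"}],
    "Credentials": {"AccessKeyId": "LTAI4example000000000000",
                    "AccessKeySecret": "REDACT-ME"},
})

if __name__ == "__main__":
    print(classify_action("ListWorkspaces"), classify_action("UpdateWorkspace"))
    print("UpdateWorkspace allowed without approval:", gate_action("UpdateWorkspace", set()))
    print(json.dumps(inspect_artifact(SAMPLE_ARTIFACT), indent=2))
    print(sweep_output_dir(Path("output/alicloud-ai-pai-aiworkspace")))
```

Run sweep_output_dir after each session; any file with a non-empty secret_fields list or a non-zero access_key_ids count should be deleted rather than left on disk, and id_fields tells you which files carry resource identifiers worth reviewing before they are shared.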

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill explicitly instructs use of environment credentials, network access to Alibaba Cloud/OpenAPI endpoints, and writing artifacts to local files, but it does not declare those capabilities as permissions. Undeclared privileged behavior reduces transparency and can lead agents or users to invoke a skill with broader access than expected, increasing the risk of credential use, unintended outbound requests, and local data persistence.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85%
Finding
The skill is presented as managing AIWorkspace resources, but the documented executable flow centers on metadata discovery and local artifact generation rather than actual resource lifecycle operations. This mismatch is dangerous because agents may select the skill for sensitive cloud-management tasks under false assumptions, causing unexpected network activity, incomplete task execution, or disclosure of API inventory/documentation data instead of performing the intended bounded action.

VirusTotal

0 of 61 vendors flagged this skill; all 61 reported it clean. A clean antivirus verdict only means no engine matched the skill's files against known malware; it says nothing about the instruction-level issues (underdeclared capabilities, tool poisoning, prompt injection) that the SkillSpector findings above cover.