ClawHub

Alicloud Ai Search Opensearch

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud OpenSearch helper, but it uses cloud credentials and mutates a remote index while explicitly configuring an insecure HTTP connection.

Review before installing. Use this only for intended Alibaba Cloud OpenSearch work, prefer or require HTTPS/TLS before running any example, use least-privilege test credentials and a non-production datasource first, and remember the quickstart will add sample documents to the configured remote index.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly depends on sensitive environment variables for endpoint and authentication, yet the metadata declares no permissions or capability boundaries. This can mislead users and orchestration systems about what the skill can access, increasing the risk of unintended secret exposure or unauthorized execution in environments that assume least privilege.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to provide credentials and demonstrates mutating operations like document pushes, but it does not prominently warn about secret handling, write-side effects, or the need to confirm authorization before modifying data. In agent-driven workflows, this raises the chance of accidental credential leakage, writes to production indexes, or unsafe automation against the wrong target.

Missing User Warnings

High
Confidence
98% confidence
Finding
The client configuration explicitly sets `protocol="http"`, so credentials (`OPENSEARCH_USERNAME`/`OPENSEARCH_PASSWORD`) and all pushed documents and search queries are transmitted without transport encryption. This exposes secrets and potentially sensitive indexed content to interception or modification by any attacker on the network path, which is especially dangerous in a RAG/vector-search workflow where documents may contain proprietary or personal data.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal