ClawHub

Alicloud Backup Hbr

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud Backup helper, but it can use cloud credentials to make real backup and restore configuration changes.

Install only if you want an agent to help manage Alibaba Cloud HBR. Use least-privilege Alibaba Cloud credentials limited to the needed account, region, and backup actions; confirm resource IDs and region before any Create, Update, Modify, Set, restore, or delete-like operation; and review local output files before sharing the workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation guidance is broad enough to match many generic backup-related requests, including potentially sensitive restore or configuration actions. Weak trigger boundaries raise the risk of accidental activation of a skill that can access credentials, make cloud API calls, and change backup-related settings.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation includes mutating backup and restore operations but does not require a clear warning or confirmation about operational impact, such as policy changes, restore side effects, or data overwrites. In a cloud backup context, unintended mutation can affect recoverability, retention, compliance posture, and production workloads.

Natural-Language Policy Violations

Low
Confidence
78% confidence
Finding
Allowing the agent to choose a 'most reasonable region' when none is specified can direct operations to the wrong cloud region, leading to incorrect inventory, configuration changes, or restore actions. In backup management, region mistakes can cause operational confusion and potentially impact the wrong resources.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal