Alicloud Compute Ecs

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Alibaba Cloud ECS administration skill, but it should be used carefully because it can operate on live cloud infrastructure.

Install only if you intend to let the agent help administer Alibaba Cloud ECS. Use least-privilege RAM credentials, confirm the exact region and resource IDs before mutating actions, and require explicit approval before remote commands, instance deletion, disk reset/replacement, snapshot or image deletion, or security group changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
This section documents running arbitrary remote commands on ECS instances via Cloud Assistant and even gives a concrete example, but it does not include a clear warning that the action executes code on production systems and may disrupt workloads, alter state, expose data, or violate change-control requirements. In a cloud-management skill, operationally impactful actions need explicit safety gating because a user or downstream agent could treat the example as routine diagnostic behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises broad ECS management including destructive operations such as deleting instances, replacing/resetting disks, deleting snapshots/images, and modifying security groups, but it does not prominently warn about possible downtime, irreversible data loss, or network exposure. Because this skill targets live infrastructure administration, the lack of explicit cautions and approval boundaries materially increases the risk of unsafe or accidental execution.

VirusTotal

61/61 vendors flagged this skill as clean.
