Alicloud Database Analyticdb Mysql

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud AnalyticDB management helper with expected credential use, API discovery, and local output files.

Install only if you want an agent to help manage Alibaba Cloud AnalyticDB for MySQL. Use least-privilege RAM credentials, review region and resource IDs carefully, and explicitly approve create, update, modify, set, or delete operations because they can affect billable cloud resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill declares no permissions while its documented workflow clearly relies on environment-variable credentials, network access to Alibaba/OpenAPI metadata endpoints, and local file writes under the output directory. This creates a transparency and governance gap: users or platform controls may not realize the skill can access sensitive credentials and perform external calls, increasing the chance of unintended secret exposure or unreviewed capability use.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill is presented as managing AnalyticDB resources, but the documented executable quickstart performs metadata enumeration and writes API inventory artifacts locally. This mismatch can mislead operators about what the skill actually does, weakening informed consent and review; a user expecting direct resource management may unknowingly permit broader reconnaissance-style API discovery and artifact generation.

Vague Triggers (Medium)
Confidence: 84%
Finding
The invocation text is broad enough to match many generic database lifecycle, configuration, and troubleshooting requests without tight boundaries. In an agent environment, over-broad routing can cause this skill to activate in contexts where credentialed cloud API access, metadata discovery, or mutating operations are unnecessary, increasing the risk of unintended actions against cloud resources.

Missing User Warnings (Medium)
Confidence: 91%
Finding
The skill instructs use of AccessKey environment variables and shared credential files but does not warn against exposing, logging, or persisting those secrets. In practice, this omission can lead to accidental credential leakage through debug output, artifacts, transcripts, or overly permissive handling, which is especially sensitive in a cloud-management skill.

VirusTotal

51/51 vendors flagged this skill as clean.