Alicloud Observability Sls Log Query

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Alibaba Cloud SLS log-query helper; it uses cloud credentials and can expose log contents, but that access is disclosed and aligned with its purpose.

Install only if you intend to let the skill query Alibaba Cloud SLS logs. Use read-only, least-privilege Alibaba Cloud credentials scoped to the needed SLS projects and logstores, avoid production admin keys, do not echo or commit secrets, and be careful saving or sharing printed log output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The skill instructs users to set long-lived cloud access key environment variables without any guidance on secure handling, rotation, least privilege, or avoiding accidental disclosure in shells, logs, and shared environments. In a cloud-observability context, these credentials can grant broad access to log data and potentially other cloud resources if overprivileged.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal