Alicloud Security Center Sas

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud Security Center helper that uses expected cloud credentials and writes local output, with no artifact evidence of hidden or malicious behavior.

Install only if you want an agent to help manage Alibaba Cloud Security Center. Use a dedicated least-privilege Alibaba Cloud AccessKey, confirm any create/update/modify/set action before it runs, and review generated files under output/alicloud-security-center-sas/ before sharing them because they may contain security-resource details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill instructs use of environment variables for Alibaba Cloud credentials, network access to Alibaba OpenAPI metadata/services, and local file writes, but does not declare corresponding permissions. Undeclared capabilities reduce transparency and can cause the agent to access secrets, make outbound requests, or persist artifacts without an explicit trust boundary, which is a real security concern even if the stated use is administrative.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill claims it manages Security Center resources and workflows, but the described executable path centers on metadata discovery and generation of local API inventory artifacts rather than actual Sas resource operations. This mismatch is dangerous because users or orchestrators may invoke the skill expecting operational management while it instead performs different network/file actions, undermining informed consent and increasing the chance of unintended data handling.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation text says to use the skill whenever the user needs help with security workflow issues, resource operations, configuration updates, status queries, or troubleshooting for Sas, which is broad enough to trigger on loosely related security requests. Overbroad routing can cause the agent to select a skill that reads credentials, performs network discovery, or suggests mutating cloud actions in contexts where the user did not intend to authorize such behavior.

Missing User Warnings

Low
Confidence: 78%
Finding
The skill directs use of sensitive environment variables and shared credential files but does not include an explicit warning about secret handling, redaction, or never echoing credential values. In a credential-bearing cloud administration context, that omission increases the risk of accidental exposure in logs, saved artifacts, or conversational output.

VirusTotal

53/53 vendors flagged this skill as clean.