Alicloud Security Kms

Security checks across malware telemetry and agentic risk

Overview

This Alibaba Cloud KMS skill is purpose-aligned and not deceptive, but it should only be used with tightly scoped cloud credentials.

Install only if you intend to let an agent help administer Alibaba Cloud KMS. Use a dedicated least-privilege AccessKey rather than broad shared account credentials, verify the region and key/resource IDs, and manually approve create, update, policy, disable, deletion, or other mutating operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill uses sensitive capabilities including environment-variable access, local file writes, and network access, but it does not declare permissions or boundaries for those actions. In a security-sensitive KMS context, this reduces transparency and can lead to unintended credential exposure, unauthorized outbound requests, or artifact persistence without clear user awareness.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 80% confidence
Finding: The documented purpose says the skill manages Alibaba Cloud KMS resources and operations, but the described executable behavior centers on OpenAPI metadata discovery and local documentation generation. This mismatch can mislead operators about what the skill actually does, causing inappropriate trust, unexpected network activity, or unsafe use in workflows that assume direct KMS management behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal