Aliyun Alb Manage

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Alibaba Cloud ALB management toolkit, but users should treat its lifecycle scripts as production-impacting admin tools.

Install only if you intend to let the agent administer Alibaba Cloud ALB resources. Use least-privilege Alibaba Cloud credentials, confirm region and resource IDs before any lifecycle command, take before/after snapshots, and be especially careful with stop, delete, remove, and deletion-protection commands because they can interrupt traffic or make deletion possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents destructive operations such as deleting load balancers, listeners, server groups, and rules without an explicit warning about service impact, downtime, or irreversibility. In an infrastructure-management skill, that omission increases the chance of accidental destructive actions against production resources.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This script performs a destructive administrative action immediately after parsing arguments, with no confirmation prompt, dry-run mode, or other guardrail. In the context of an ALB management skill, stopping a listener can cause service disruption or outage if the wrong listener ID or region is supplied, so accidental misuse is a real operational security risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal