Aliyun Dns Cli

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Alibaba Cloud DNS helper, but it can install a CLI, use cloud credentials, and change DNS records when directed.

Install only if you intend to let an agent help manage Alibaba Cloud DNS. Use a dedicated least-privilege RAM credential, avoid pasting long-lived secrets into chat, verify the aliyun CLI source or pin a trusted release if possible, and require explicit confirmation before any DNS record is added or changed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash curl -fsSL https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz -o /tmp/aliyun-cli.tgz mkdir -p ~/.local/bin tar -xzf /tmp/aliyun-cli.tgz -C /tmp mv /tmp/aliyun ~/.local/bin/aliyun chmod +x ~/.local/bin/aliyun
Confidence: 60% confidence
Finding: mkdir -p ~/.local/bin tar -xzf /tmp/aliyun-cli.tgz -C /tmp mv /tmp/aliyun ~/.local/bin/aliyun chmod +x ~/.local/bin/aliyun ``` ## Configure Credentials ```bash ~/.local/bin/aliyun configure set \

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal