Aliyun Platform Docs Benchmark

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does public documentation benchmarking, but it unnecessarily tells users to configure Alibaba Cloud credentials for a workflow that does not use them.

Review before installing. The benchmarking script itself appears limited to public web/API discovery and local report generation, but users should not provide Alibaba Cloud credentials for this skill unless the publisher clarifies the exact read-only APIs and permissions required. Prefer running it without cloud keys and pin official documentation links manually when accuracy matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill clearly instructs execution of Python scripts that read local files, write artifacts, and perform network discovery, yet it declares no permissions. This creates a transparency and policy-enforcement gap: an agent or reviewer may assume the skill is low-risk while it can access the filesystem and external domains, increasing the chance of unintended data exposure or unauthorized outbound requests.

Intent-Code Divergence

Medium
Confidence: 80%
Finding: The prerequisites mention Alibaba Cloud credentials and 'mutating operations' even though the skill is described as a documentation benchmarking tool that should only fetch docs and write local reports. This inconsistency can mislead operators into supplying sensitive cloud credentials unnecessarily, expanding the blast radius if the script is modified, compromised, or unexpectedly performs authenticated requests.

VirusTotal

60/60 vendors flagged this skill as clean.