Aliyun Sas Manage

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud Security Center helper that can use cloud credentials and make user-directed security-management changes, but I found no hidden or deceptive behavior.

Use this only with least-privilege Alibaba Cloud credentials. Confirm the region, resource IDs, and exact API action before any mutating Security Center operation, and review or clean up files under output/aliyun-sas-manage/ if they contain sensitive cloud security details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill declares no permissions even though its documented workflow uses environment variables for credentials, performs network access to Alibaba Cloud metadata/services, and writes artifacts to local files. This creates a capability-transparency problem: operators may approve or run the skill without realizing it can access secrets, reach external endpoints, and persist data, increasing the chance of unintended credential exposure or unsafe execution in restricted environments.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 82%
Finding:
The skill is presented as managing Security Center resources and workflows, but the concrete executable guidance centers on fetching OpenAPI metadata, enumerating APIs, and saving derived inventories locally. That mismatch can mislead users and reviewers about what the skill actually does, causing it to be invoked in contexts where network enumeration and local artifact generation were not expected, which weakens trust and review effectiveness.

VirusTotal

No VirusTotal findings
