Back to skill

Security audit

Alicloud Security Center Sas

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud Security Center helper that uses expected cloud credentials and writes local discovery output, with no evidence of hidden or malicious behavior.

Install only if you want an agent to help manage Alibaba Cloud Security Center. Use a dedicated least-privilege Alibaba Cloud AccessKey, confirm any create/update/modify/set action before it runs, and review files under output/alicloud-security-center-sas/ before sharing them because they may contain security-resource details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no explicit permissions while instructing use of environment credentials, network access to Alibaba Cloud/OpenAPI endpoints, and local file writes. That mismatch reduces transparency and can cause the agent or reviewer to underestimate what the skill can access or modify, especially because cloud credentials may be consumed implicitly from the environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill is presented as a Security Center management skill, but its documented executable path emphasizes metadata discovery and local artifact generation rather than direct SAS resource management. This mismatch can mislead users or orchestrators into invoking it for broad security-center operations while it performs additional network/documentation retrieval behavior that was not clearly scoped in the description.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation text is broad enough to match generic 'security workflow' or troubleshooting requests, which could cause the skill to be selected in contexts beyond narrowly defined SAS tasks. In a cloud-security skill that can use ambient credentials and network access, over-broad routing increases the chance of unnecessary credential use, unintended API discovery, or accidental operational changes.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.