Back to skill

Security audit

Aliyun Swas Manage

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud server-management skill, but it includes high-impact cloud and SSH changes that need careful review before use.

Install only if you intend to let the agent administer Alibaba Cloud SWAS resources. Use least-privilege or temporary Alibaba Cloud credentials, require explicit approval before any mutating action, and treat fix_ssh_access.py as sensitive because it can create long-lived SSH access and weaken root-login policy on a target instance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs use of environment variables for cloud credentials, writing artifacts to local output directories, and running shell/Python commands, yet it does not declare corresponding permissions. Undeclared capabilities reduce transparency and can lead to execution in contexts where operators do not realize the skill can access secrets, write files, or invoke shell commands against cloud resources.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This skill is designed for powerful cloud administration actions including starting, stopping, rebooting instances, resetting disks, changing firewall rules, and executing remote commands, but it does not prominently warn that these are potentially disruptive or destructive operations. In this context, the absence of an explicit safety warning increases the chance of accidental production impact, data loss, service interruption, or unintended remote code execution on managed servers.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Cloud Assistant guidance explains how to run remote commands and retrieve outputs but does not warn that command output may include secrets, configuration data, tokens, or personal data, nor that commands can arbitrarily modify the target host. Because this skill explicitly supports remote execution across cloud instances, missing these warnings makes sensitive-data exposure and damaging system changes materially more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The generated remote shell script modifies sshd configuration, enables root SSH login, injects an SSH key into authorized_keys, and restarts the SSH service on the target instance. In a cloud management skill, this is contextually plausible administration, but it is still security-sensitive because it can weaken host access controls, create persistent access, and cause lockout or outage if applied incorrectly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.