Alibaba Cloud Model Setup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal Alibaba Cloud Bailian setup helper for OpenClaw, with disclosed configuration changes and credential-handling risks users should understand.

Install only if you want this skill to modify your OpenClaw provider configuration. Prefer environment-variable mode over inline API key storage, avoid passing API keys on the command line, review the config path and backup after running, and be deliberate before setting Bailian as the default model provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs execution of a local Python script that can read and write configuration files, invoke shell commands, and perform network validation, yet the skill declares no permissions. This creates a trust and review gap: users or tooling may treat the skill as low-risk while it has meaningful system and network capabilities, including handling API keys and persistent config changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The description narrows the skill to Alibaba Cloud/Qwen interactive setup, but the body expands behavior to non-interactive CLI operation and configuration of third-party models such as MiniMax, GLM, and Kimi. This mismatch can mislead users and automated policy systems about the true scope of actions and external services involved, reducing informed consent and increasing the chance of unintended configuration changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document recommends storing a long-lived API key in shell startup files for persistence, which normalizes plaintext credential storage on disk. While common, this increases exposure to local compromise, accidental disclosure through dotfile backups/sync, screen sharing, or repo leakage, especially because the skill is specifically guiding users through provider credential setup.

Session Persistence

Medium
Category
Rogue Agent
Content
   - API key storage mode (env-var recommended or inline)
   - Primary model selection
   - Whether to set as default model
4. **Validate API key** against selected site before config write
5. **Backup existing config** before modification
6. **Update config** with provider, models, and defaults
7. **Validate JSON** and report final status
Confidence
78% confidence
Finding
write
5. **Backup existing config** before modification
6. **Update config** with provider, models, and defaults
7. **Validate JSON** and report final status
## Run Script
Execute: ```bash python3

VirusTotal

66/66 vendors flagged this skill as clean.
