odps-sql

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud MaxCompute query helper, but it can run unrestricted SQL with cloud credentials and has weak credential scoping that users should review carefully.

Install only if you intend to let the agent access your Alibaba Cloud ODPS/MaxCompute project. Use a least-privilege, preferably read-only RAM credential, review SQL before execution, avoid running the helper from directories with unrelated .env files, and do not store or share production access keys unnecessarily.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86% confidence
Finding
The skill explicitly depends on sensitive environment variables containing Alibaba Cloud credentials, yet the metadata only declares runtime requirements and not an explicit permission model or safety boundary for secret use. In a skill that can execute queries against cloud data, undeclared secret access increases the risk of over-privileged execution, accidental credential exposure, or unauthorized data access without clear user awareness.

Vague Triggers

Medium
Confidence: 75% confidence
Finding
The trigger language is broad enough to match generic requests about querying, analyzing, or exploring data, which can cause the skill to activate in situations the user did not intend. Because this skill can run SQL against a live MaxCompute environment, overbroad routing materially raises the chance of unintended database access, unnecessary data exposure, or execution in the wrong context.

Missing User Warnings

Medium
Confidence: 88% confidence
Finding
The setup instructions direct the user to copy and populate a .env file with cloud access credentials but do not warn that these values are highly sensitive secrets that must not be logged, committed, or shared. In the context of a data-query skill, this omission is dangerous because it normalizes handling production credentials without guardrails, increasing the likelihood of credential leakage and downstream compromise of cloud data resources.

VirusTotal

VirusTotal findings are pending for this skill version.