Aliyun Skills

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud CLI helper, but it can guide powerful cloud administration actions and should be used carefully.

Install only if you want the agent helping with Alibaba Cloud administration. Use least-privilege RAM roles or temporary credentials, verify the active profile, region, and resource IDs before running commands, require explicit confirmation before delete or exposure changes, and do not paste real AccessKeys, passwords, private keys, signed URLs, or debug logs into chat or shared terminals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill activation criteria are broad enough to trigger on generic mentions of Alibaba Cloud products rather than clear intent to use the Aliyun CLI. That can cause the agent to invoke a high-impact cloud-management skill in ambiguous situations, increasing the chance of unintended operational guidance or destructive command generation against cloud resources. In this context, the risk is elevated because the skill enables actions across compute, networking, storage, IAM, and databases.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation includes a command that resets the permanent ACR login password using an inline literal secret, but it provides no warning about credential rotation impact, secure secret entry, or downstream systems that may break after rotation. In an admin-focused cloud skill, readers may copy-paste this directly, exposing secrets in shell history and unintentionally invalidating existing automation or access paths.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The namespace deletion example documents an irreversible destructive action without any cautionary language, confirmation guidance, or advice to verify the target instance and namespace first. In a cloud management skill, omission of these safeguards increases the chance of accidental deletion of container assets and service disruption.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The repository deletion command is presented as a normal example without warning that image history, tags, and deployment dependencies may be affected or lost. Because this skill is specifically for managing Alibaba Cloud resources, users are likely to execute such commands operationally, making accidental production impact more plausible.

Missing User Warnings

Low
Confidence
88% confidence
Finding
Deleting a tag removes a commonly used image reference and can disrupt deployments, rollbacks, or automation that expect that tag to exist. Although less severe than full repository deletion, the lack of warning in an infrastructure-management reference still creates avoidable operational risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions show how to enable a public Internet endpoint for the registry without warning that this increases attack surface and requires careful ACL, authentication, and exposure review. In the context of a cloud admin skill, this omission is more dangerous because the command directly changes network exposure of a sensitive artifact repository.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes destructive deletion and sync behavior that can permanently remove data, but it does not clearly warn readers about irreversibility or the effect of flags like `--delete`, `--recursive`, and `--force`. In a cloud administration skill, users may copy commands directly into production environments, making accidental mass deletion a realistic risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The presigned URL example shows how to generate a time-limited link but does not emphasize that anyone possessing the URL can access the object without further authentication until expiration. In storage documentation, this omission can lead to unintentional public sharing of sensitive files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation demonstrates `public-read` and lists `public-read-write` ACLs without strongly warning that these settings expose data, or even permit public writes, over the public internet. In an Alibaba Cloud OSS management skill, this is particularly dangerous because users are likely performing real administrative actions against live buckets and objects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference includes commands to create console passwords and access keys for RAM users, which are highly sensitive IAM credentials, but it does not provide clear security guidance about least privilege, credential rotation, secure storage, MFA, or the risks of long-lived keys. In an agent skill context, these examples can normalize unsafe credential handling and may lead users or automated agents to create persistent credentials where role-based or temporary credentials would be safer.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The account creation and password reset examples include plaintext passwords directly on the command line, which can leak through shell history, process listings, logging, or screenshots. In a CLI reference skill, this is more dangerous because users may copy-paste these patterns directly into production environments and inadvertently expose database credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Documenting public endpoint allocation without any warning encourages exposing a managed database to the public internet, significantly increasing attack surface and the likelihood of brute-force, exploitation, or misconfiguration-based compromise. In an infrastructure-management skill, users may treat the example as recommended practice and enable internet reachability without compensating controls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows users entering long-lived AccessKey credentials and storing them in the CLI config file without warning about secret handling, local file protection, or the risks of persistent credential storage. In a cloud-management skill, this is security-relevant because users may copy real secrets into terminals, screenshots, shared shells, or insecure home directories, increasing the chance of credential theft and account compromise.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The environment-variable examples place cloud credentials directly into exported shell variables but do not warn that these values can leak through shell history, CI/CD logs, process inspection, inherited environments, or debugging output. Because this skill is specifically for administering Alibaba Cloud resources, leaked credentials could enable unauthorized access to ECS, OSS, RAM, and other sensitive services.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The certificate upload example places the private key directly on the command line via shell substitution. This can expose sensitive key material through shell history, process inspection, terminal logging, audit trails, or accidental copy/paste, which is especially risky in an infrastructure-management skill where users may run commands on shared admin systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The VPC deletion example shows a destructive command with only a dependency note about deleting VSwitches first, but no explicit warning that deleting a VPC can permanently remove core network configuration and disrupt dependent resources. In an infrastructure-management skill, users may copy commands directly, so omission of a clear destructive-action warning increases the risk of accidental outage or irreversible misconfiguration.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The VSwitch deletion example presents a destructive subnet removal command without clearly warning that it can disconnect workloads and affect routing within the VPC. Because this skill is specifically meant to manage live Alibaba Cloud resources via CLI, concise copy-paste examples without safety framing create a realistic risk of accidental service disruption.

VirusTotal

63/63 vendors flagged this skill as clean.
