huawei-cloud-flexus-l-server-hermes-deployment

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Huawei Cloud deployment purpose, but it needs Review because it can create billable resources, run remote scripts, and handle secrets with weak scoping.

Install only if you are comfortable giving this skill cloud credentials that can create billable Huawei Cloud resources and run COC scripts. Prefer temporary, least-privilege credentials, avoid passing secrets on the command line, review the IAM policy before use, and plan cleanup for created instances, COC scripts, and stored .env/config secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill describes capabilities to read environment variables, access files, invoke shell commands, and make network calls, but does not declare permissions. That creates a transparency and consent problem: a caller may invoke a high-privilege deployment skill without understanding that it can access credentials and perform external operations on cloud resources. In a deployment skill handling AK/SK/token material, undeclared capabilities materially increase risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The module exposes generic COC primitives for creating, listing, retrieving, and executing arbitrary scripts, which substantially exceeds a narrowly-scoped Hermes deployment skill. If this library is reachable by an agent or user-controlled inputs, it can be repurposed as a general remote code execution interface on cloud instances.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The documentation repeatedly shows AK, SK, security tokens, API keys, and bot secrets passed directly on the command line. Secrets provided this way can be exposed through shell history, process listings, terminal logging, CI logs, and support transcripts, undermining the document's own stated rule that credentials must not appear in conversation or logs.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The document recommends a combined IAM policy that grants create, execute, query, and delete permissions across Flexus L instances and COC scripts on all resources using `Resource: "*"`, but it does not clearly warn users about the destructive and automation risks of these permissions. In a one-click deployment skill, this is more dangerous because users may copy the policy verbatim, granting broad operational access that could be abused to create, run, or delete cloud resources if the skill, credentials, or workflow are compromised.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The documentation instructs users to pass Huawei Cloud AK/SK and API keys directly on the command line, which can expose secrets through shell history, process listings, logging systems, CI job output, and terminal recording tools. In a cloud deployment skill, these credentials are highly sensitive because disclosure can enable unauthorized provisioning, modification, or access to cloud resources and downstream services.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The deployment and configuration examples perform cloud instance creation and service configuration, but the document does not clearly warn users that these commands will create or modify billable cloud resources and production-like settings. This increases the risk of accidental execution, unexpected charges, and unintended changes, especially in a one-click deployment context where users may copy-paste commands without understanding the impact.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The interactive prompts collect AK, SK, and security token using plain input(), which echoes the secrets on screen and may expose them to shoulder surfing, terminal recording, shell session capture, or support logs. Because these are cloud credentials, disclosure could enable unauthorized access to Huawei Cloud resources.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The function sends highly sensitive values including cloud AK/SK and bot platform secrets to a remote installation routine without any explicit warning, confirmation, or safer handling path in non-interactive mode. In a deployment skill whose purpose is to configure remote infrastructure, this creates real secret-exposure risk if the remote endpoint, transport, logging, or downstream execution environment is not fully trusted, and the skill context increases rather than reduces that risk because secret transmission is central to the workflow.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The code interpolates the ModelArts API key directly into shell script content and uploads that script to COC for remote execution. This causes secrets to exist in script bodies, service-side records, and potentially execution logs, increasing exposure to anyone with access to COC scripts, job history, or host process artifacts.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
Bot credentials are inserted into remotely created shell scripts and then written into a plaintext .env file on the target host. This expands the secret exposure surface across transit, COC persistence, execution logs, and local file disclosure on the instance.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The function prints full signed request headers, which may include sensitive authentication material such as X-Security-Token and authorization/signature-related headers. These logs can leak cloud credentials or replayable request metadata to log readers, support personnel, or centralized logging systems.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The function interactively collects highly sensitive secrets (Huawei Cloud AK/SK, optional security token, and ModelArts API key) and then passes them to a remote installation routine without clearly warning the user that these values will be transmitted off the local machine. In a deployment skill whose core purpose is remote configuration of cloud resources, this creates a real secret-handling risk: users may disclose credentials without informed consent, and any compromise or misrouting in the downstream remote workflow could expose cloud access.

VirusTotal

VirusTotal findings are pending for this skill version.