huawei-cloud-flexus-l-server-scripts-excute

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it enables high-impact cloud script execution with weak scoping and unsafe credential-handling guidance.

Review before installing. Use only with a dedicated least-privilege Huawei Cloud identity, avoid putting real AK/SK/token values in chat or command-line arguments, verify target instance IDs and script UUIDs manually, and do not run production or root-level execution without an out-of-band confirmation process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The skill explicitly states that credentials must never appear in conversation, yet the documentation repeatedly shows AK/SK and security tokens passed inline on the command line. In an agent setting, such examples strongly encourage unsafe secret-handling patterns and increase the chance that credentials are exposed in chat logs, shell history, telemetry, or debugging output.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document says scripts must only be executed through `skill action=exec` and never directly in a shell, but then provides numerous direct `python ...` execution examples. This contradiction undermines the control boundary the skill claims to enforce and can lead operators or agents to bypass intended safeguards, auditing, and output filtering.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger keywords are broad operational terms like 'script management', 'script execution', and 'cloud operations', which can match many benign requests. For a skill capable of creating and remotely executing scripts on cloud instances, overly broad activation materially increases the risk of unintended routing into a high-impact capability.

Vague Triggers

Medium
Confidence: 89%
Finding
The routing keywords remain ambiguous and insufficiently constrained, making accidental invocation plausible in ordinary cloud administration conversations. Because this skill manages remote script creation and execution, misrouting is more dangerous than in a read-only or informational skill.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill describes batch remote script deployment, emergency execution, application deployment, and data processing on target hosts without a strong upfront warning about destructive or system-impacting behavior. In context, this is a high-risk capability because remote script execution can alter systems at scale, disrupt services, or execute harmful payloads if invoked carelessly or maliciously.

Missing User Warnings

Medium
Confidence: 96%
Finding
The help examples explicitly encourage users to pass AK/SK/security token values on the command line, which commonly exposes secrets through shell history, process listings, job control logs, and audit tooling. In a cloud-operations skill with privileged credentials and remote execution capability, leaking these credentials can enable account compromise and unauthorized script execution across target instances.

Missing User Warnings

Medium
Confidence: 92%
Finding
The tool proceeds directly to remote script execution without a confirmation prompt, dry-run summary, or explicit warning despite targeting cloud instances and potentially running as `root`. In this skill context, execution is the core function and can be destructive by design, so accidental invocation, wrong-target selection, or misuse can immediately impact production systems.

Missing User Warnings

Medium
Confidence: 97%
Finding
The smoke test requires AK, SK, and a security token to be passed as command-line arguments, which can expose secrets through shell history, process listings, CI logs, and system monitoring tools. In this skill's context, those credentials grant access to Huawei Cloud COC script management and remote execution APIs, so leakage could enable unauthorized script creation or execution against cloud instances.

Ssd 3

Medium
Confidence: 99%
Finding
The documentation instructs users to provide cloud credentials directly on the command line, including AK/SK and optional security tokens. This is dangerous because command-line secrets are commonly exposed through shell history, process listings, session logs, support transcripts, and agent conversation content, directly risking cloud account compromise.

Ssd 3

Medium
Confidence: 99%
Finding
The core command examples continue to embed AK/SK and security tokens directly in executable commands for create, show, list, execute, and query operations. This normalizes insecure handling of highly privileged cloud credentials across the entire workflow and magnifies the chance of credential leakage during ordinary use.

Ssd 3

Medium
Confidence: 96%
Finding
The workflow and validation sections instruct users to export or pass live credentials during testing and execution, making leakage likely in copied commands, transcript reuse, terminal logs, and agent responses. Because the same skill also supports remote execution on cloud instances, exposed credentials could be used to take over cloud resources and run arbitrary operations.

VirusTotal

VirusTotal findings are pending for this skill version.