huawei-cloud-sac-new-api

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Huawei Cloud Terraform deployment helper, but it requires careful handling of cloud credentials, public access, and billable resources.

Install only if you intend to let an agent help provision Huawei Cloud resources. Use a dedicated least-privilege IAM user, review Terraform plans before apply or destroy, expect possible cloud charges, keep terraform.auto.tfvars.json out of version control/logs/artifacts, delete it after use, and restrict public network access where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent to use sensitive capabilities including environment access, file read/write, network access, and shell execution, yet it declares no permissions boundary. In practice this creates a broad, implicit trust surface: the agent could access cloud credentials, modify Terraform files, and run deployment/destruction commands without an enforceable least-privilege contract.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script’s stated purpose is provider normalization, but it also writes Huawei Cloud credentials into terraform.auto.tfvars.json. Persisting secrets to disk expands the attack surface because tfvars files are easy to accidentally commit, copy into artifacts, or expose to other local users/processes.

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The CLI/documentation presents credential writing as optional, but the current flow always writes terraform.auto.tfvars.json when not in dry-run mode. This surprising behavior can create or overwrite a sensitive configuration file unexpectedly, increasing the chance of insecure handling and operator error.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly instructs writing long-lived Huawei Cloud access credentials into `terraform.auto.tfvars.json`, which commonly persists on disk and is automatically consumed by Terraform. Although it notes the file should not be tracked in git and later deleted, it provides no warning about secret exposure in local files, backups, shell history, CI artifacts, or overly permissive filesystem access, making credential leakage and subsequent cloud-account compromise more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The verification steps require opening ports 22 and 3000 and checking a publicly reachable HTTP endpoint on the assigned EIP, but they do so without any warning about Internet exposure, source IP restriction, or service hardening. In the context of deploying an LLM gateway, this increases the chance of exposing SSH and an application management/service port directly to the public Internet, enabling brute force attacks, scanning, abuse, or unauthorized access if the service is misconfigured.

VirusTotal

64/64 vendors flagged this skill as clean.
