huawei-cloud-sac-yolo

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for cloud GPU deployment, but it stores cloud access keys in a local Terraform file and can lead to real infrastructure changes without enough user-facing safeguards.

Review this skill carefully before installing. Use short-lived or least-privilege cloud credentials, avoid writing AK/SK values to terraform.auto.tfvars.json unless you explicitly intend to, add the file to ignore rules if generated, and require a manual review of terraform plan before any terraform apply that can create chargeable resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script's stated purpose is provider normalization, but it also creates terraform.auto.tfvars.json containing access_key and secret_key values. Persisting cloud credentials to disk increases the chance of accidental disclosure through local compromise, backups, artifact collection, or mistaken git commits, especially because auto-loaded tfvars files are commonly consumed silently by Terraform.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script reads HW_ACCESS_KEY and HW_SECRET_KEY from the environment and persists them into terraform.auto.tfvars.json, expanding the exposure surface of sensitive credentials beyond process memory. This behavior is not strictly necessary for provider-source normalization and can leak long-lived cloud credentials via local files, CI workspaces, logs, or source-control mistakes.

Missing User Warnings

Medium
Confidence: 88%
Finding
The verification steps explicitly require writing cloud access credentials to a local Terraform variables file and executing `terraform apply`, but they do not include any warning, consent checkpoint, or handling guidance for sensitive secrets and infrastructure-changing actions. In a deployment skill that provisions GPU cloud resources, this omission can lead users or agents to store long-lived AK/SK insecurely and make real billable changes without adequately understanding the security and cost implications.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script writes credential material to terraform.auto.tfvars.json automatically without an explicit confirmation step, which makes unintended secret persistence easy in local or CI environments. Because terraform.auto.tfvars.json is auto-discovered by Terraform, users may not notice that sensitive values have been stored on disk until after exposure occurs.

VirusTotal

65/65 vendors flagged this skill as clean.
