Back to skill

Security audit

HC DWS CPU Diag V2

Security checks across malware telemetry and agentic risk

Overview

This DWS CPU diagnosis skill is mostly coherent, but it asks for sensitive cloud access and includes unrelated object-storage setup plus silent local report persistence.

Review before installing. Use a least-privilege Huawei Cloud identity limited to the listed DWS read-only permissions, avoid configuring OBS/obsutil unless the publisher explains why it is needed, do not paste AK/SK into chat or command history, and treat generated HTML reports as sensitive files containing operational and SQL details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill goes beyond generating a diagnosis response and instructs the agent to write an HTML file into the local workspace. Disk writes create a side effect outside the declared purpose, can persist sensitive operational data, and may surprise users or downstream systems that expected a read-only diagnostic skill.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Local filesystem write capability is not necessary for CPU diagnosis and expands the skill's privileges and attack surface. Even when the content is only a report, writing files can leak cluster identifiers, SQL text, usernames, and timestamps into persistent storage where other processes or users may access them.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file is materially inconsistent with the declared DWS CPU diagnosis skill: it documents Huawei OBS tooling and object-storage workflows instead of CPU diagnostics. This kind of capability drift can mislead users into installing and authenticating unrelated tools, expanding the skill’s effective privilege surface and creating opportunities for unnecessary credential exposure.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The guide introduces obsutil installation, configuration, authentication, and bucket-listing verification even though the skill is described as a DWS CPU diagnosis tool. Adding unrelated storage tooling increases attack surface and may induce users to provision credentials and permissions that are unnecessary for the diagnostic task, making misuse or accidental data access more likely.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs saving an HTML report to disk without a user-facing warning or consent mechanism. Silent persistence is risky because the report may contain sensitive infrastructure and query information, and users may not realize that artifacts are being left behind locally.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The obsutil configuration example places AK/SK directly on the command line, which commonly leaks secrets into shell history, process listings, audit logs, and terminal recordings. In this skill context, that is more dangerous because the document already asks users to configure an unrelated tool, increasing the chance that long-lived cloud credentials are exposed without clear operational need.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.