Security audit

huawei-cloud-dws-dymem-diag

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate-looking Huawei Cloud DWS memory diagnostic helper, but it directs the agent to run local cloud tooling (hcloud, python -c) outside its declared MCP tool list and to persist potentially sensitive diagnostic reports with limited user control.

Install only if you are comfortable granting read-only Huawei Cloud DWS access and letting the agent inspect cluster metrics, active sessions, users, and SQL text. Prefer least-privilege IAM credentials, use interactive or environment-based secret entry instead of command-line AK/SK arguments, verify downloaded Huawei tooling, and review or delete generated HTML reports because they may contain sensitive operational data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%

Finding: The skill goes beyond passive diagnosis by instructing the agent to write an HTML file into the local workspace. Unprompted filesystem writes create a side effect not reflected in the allowed-tools list and can overwrite files, leak sensitive diagnostic content into persistent storage, or violate least-privilege expectations for a read-only analysis skill.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%

Finding: The skill directs the agent to execute local shell commands such as hcloud and python -c even though the declared allowed tools only list MCP tools. This expands the execution surface from constrained tool use to arbitrary local command execution, which can enable unauthorized network access, environment probing, and command abuse if the agent runtime honors these instructions.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding: The skill requires saving a diagnosis HTML file to the workspace without warning the user or obtaining consent. Silent persistence of generated reports can expose operational data to other processes or users sharing the workspace and may create audit or data-retention issues.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding: The guide instructs users to place AK/SK in plaintext in a YAML file and to pass them directly on the CLI before encryption occurs, but it does not warn about shell history, process listings (arguments of a running command are visible to other local users), file permissions on the YAML file, or secret-handling hygiene in general. In a skill centered on cloud diagnostics with privileged access to DWS resources, this increases the chance of credential exposure through logs, screenshots, terminal history, or misconfigured repositories.
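The mitigations the overview recommends for this finding and for the report-persistence findings above, as one added Python example that is not code from the audited skill or from Huawei: secrets are taken from the environment or an echo-free prompt rather than argv, any AK/SK YAML file is created with mode 0600, a shell history file is checked for a leaked secret, a downloaded tool is compared against a digest obtained out of band, and the HTML report is written only on explicit consent and never silently overwrites an existing file. The environment variable names, file names and the sample values in demo() are assumptions or constructed test data; the only fixed value is the published sha256("abc") test vector.

```python
"""Secret and report hygiene for an agent-driven DWS diagnostic run (added example)."""
import getpass
import hashlib
import os
import re
import tempfile

# Variable names the Huawei Cloud SDK reads for AK/SK (assumed; confirm for your SDK version).
AK_ENV, SK_ENV = "HUAWEICLOUD_SDK_AK", "HUAWEICLOUD_SDK_SK"
# sha256("abc"), a published FIPS 180 test vector; demo() uses it as the known-good digest.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
_SQL_STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")  # also matches doubled quotes ('it''s')


def load_credentials(env=None, prompt=getpass.getpass):
    """Return (ak, sk) from the environment or an echo-free prompt, never from argv."""
    env = os.environ if env is None else env
    ak = env.get(AK_ENV) or prompt("Huawei Cloud access key: ")
    sk = env.get(SK_ENV) or prompt("Huawei Cloud secret key: ")
    if not ak or not sk:
        raise ValueError("AK/SK not provided")
    return ak, sk


def write_private_file(path, content, overwrite=False):
    """Create path with mode 0600; without overwrite, an existing file raises FileExistsError."""
    flags = os.O_WRONLY | os.O_CREAT | (os.O_TRUNC if overwrite else os.O_EXCL)
    with os.fdopen(os.open(path, flags, 0o600), "w") as fh:
        fh.write(content)
    os.chmod(path, 0o600)  # the create mode is subject to umask, so enforce it explicitly
    return path


def is_private(path):
    """True if no group or other permission bits are set on the file."""
    return os.stat(path).st_mode & 0o077 == 0


def secret_in_history(history_path, secret):
    """True if the literal secret appears in a shell history file (a CLI-argument leak)."""
    try:
        with open(history_path, encoding="utf-8", errors="replace") as fh:
            return any(secret in line for line in fh)
    except FileNotFoundError:
        return False


def verify_sha256(path, expected_hex):
    """Compare a downloaded tool against a digest obtained out of band."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_hex.lower()


def redact_sql(sql):
    """Replace string literals in SQL text before it is persisted in a report."""
    return _SQL_STRING_LITERAL.sub("'<redacted>'", sql)


def save_report(html, path, consent, overwrite=False):
    """Persist the HTML report only on explicit consent; returns None when declined."""
    return write_private_file(path, html, overwrite=overwrite) if consent else None


def demo(workdir=None):
    """Run the flow on constructed inputs and return the checks a reviewer cares about."""
    workdir = workdir or tempfile.mkdtemp(prefix="dws-diag-")
    env = {AK_ENV: "EXAMPLEACCESSKEY", SK_ENV: "EXAMPLESECRETKEY0123"}  # constructed values
    ak, sk = load_credentials(env=env, prompt=lambda _: "")
    creds = write_private_file(os.path.join(workdir, "dws.yaml"),
                               f"access_key: {ak}\nsecret_key: {sk}\n")
    history = os.path.join(workdir, "bash_history")  # constructed history showing a CLI leak
    with open(history, "w") as fh:
        fh.write(f"some-cli --ak {ak} --sk {sk}\n")
    tool = os.path.join(workdir, "tool.bin")  # stands in for a downloaded binary
    with open(tool, "wb") as fh:
        fh.write(b"abc")
    report = os.path.join(workdir, "dws_diag.html")
    try:
        save_report("<html></html>", report, consent=True)
        save_report("<html></html>", report, consent=True)  # must not silently clobber
        clobbered = True
    except FileExistsError:
        clobbered = False
    return {
        "creds_private": is_private(creds),
        "sk_in_history": secret_in_history(history, sk),
        "tool_ok": verify_sha256(tool, SHA256_ABC),
        "tampered_detected": not verify_sha256(tool, "0" * 64),
        "redacted_sql": redact_sql("SELECT 1 FROM t WHERE c = 'acme' AND n = 'it''s'"),
        "report_declined": save_report("<html></html>", report, consent=False) is None,
        "report_clobbered": clobbered,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The history check deliberately takes the secret as a Python argument rather than shelling out to grep, because passing the secret to grep on the command line would recreate the process-listing exposure the check is looking for. redact_sql only handles quoted string literals; numeric literals and identifiers in captured SQL text still reach the report and need a review pass before the file is shared or retained.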

VirusTotal

0/56 vendors flagged this skill; all 56 reported it as clean.

Static analysis

No suspicious patterns detected.