Security audit

huawei-cloud-obs-upload

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it helps upload files to Huawei OBS and set up scheduled uploads, but users should be careful because scheduled uploads create persistent cloud transfers.

Install only if you intend to use Huawei Cloud OBS from this machine. Confirm the exact local path, bucket, prefix, and schedule before any upload, and avoid scheduling broad directories that may later contain secrets. Review remote install commands before running them, prefer least-privilege OBS/CES permissions, and remove the crontab or scheduled task when recurring uploads are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (17)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documented minimum required policy adds `ces:metric:get`, expanding the skill's access beyond the stated OBS bucket listing/upload/scheduling scope. This violates least privilege and can expose unrelated monitoring metadata, increasing account reconnaissance capability if the skill or its credentials are misused.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Recommending `CES ReadOnlyAccess` alongside OBS permissions normalizes granting cross-service access that is outside the skill's advertised purpose. Even read-only CES access can reveal operational metrics and inventory details useful for reconnaissance, making the permission set broader than necessary.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The verification document introduces CES traffic and request-metric queries that expand the skill from OBS upload/bucket management into cloud monitoring and analytics. This scope expansion is risky because it grants access to additional operational metadata about bucket usage that is not disclosed in the stated skill purpose, increasing the chance of overcollection and surprising data access.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The end-to-end script validates CES traffic and request metrics even though the skill is described only for uploads, bucket listing/capacity, and scheduled uploads. Embedding these extra live queries in a verification script makes the behavior more dangerous because a reviewer or user may run the script wholesale and unknowingly expose usage telemetry beyond the advertised scope.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Documenting CES monitoring queries in a skill framed as OBS upload and bucket management is a scope/permission mismatch. Even though the commands are legitimate cloud CLI usage, they access operational analytics that are not necessary to perform uploads or bucket enumeration, which can violate least-privilege expectations and user trust.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list includes generic phrases like "upload file", "upload directory", and "object storage", which can cause this skill to activate for unrelated storage tasks. In an agent setting, overbroad activation can route user requests into a capability that performs real cloud uploads, increasing the chance of unintended data transfer to Huawei OBS.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises scheduled uploads via crontab but does not prominently warn that this creates a persistent background task that will continue transferring local data until removed. That can lead to unintended recurring exfiltration of files, ongoing bandwidth/storage costs, and long-lived automation the user may not realize was installed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide instructs users to download and immediately execute a remote installation script with `curl ... && bash ...`, which is a classic supply-chain risk pattern. Even though the text claims integrity verification occurs inside the script, the user is still trusting and executing unreviewed remote code before independently validating it, and there is no prominent warning adjacent to the command about the risks of running downloaded scripts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The upload instructions describe sending local files or directories to remote cloud storage without an explicit warning that local data will leave the host and be copied to a third-party service. In an agentic context, this can cause unintended exfiltration of sensitive files if the user does not fully understand the destination, scope, or recursive behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scheduled upload section instructs creation of a persistent cron job that repeatedly uploads a local directory, but it does not clearly warn that this establishes ongoing background data transfer. This increases the risk of continuous unintended exfiltration, especially if the watched directory later accumulates secrets, logs, credentials, or personal data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to configure OBS credentials by placing AK/SK directly on the command line, which can expose secrets through shell history, process listings, terminal logs, screenshots, or copied transcripts. Although the text says not to provide AK/SK in conversation, it does not warn about local secret-handling risks or recommend safer input methods, so it can lead to credential compromise in normal use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The scheduled upload verification modifies the user’s crontab, creating persistence on the host system. Although presented as a test step, persistent scheduled execution can continue after verification, repeatedly access local files, and perform network transfers if cleanup is missed or fails.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The end-to-end verification script performs live cloud queries against user-specified buckets and metrics without an explicit privacy or data-access notice. While these are read-oriented commands, they still access account metadata and usage information that users may not expect a verification script to retrieve in bulk.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
curl -LO https://cn-north-4-hdn-koocli.obs.cn-north-4.myhuaweicloud.com/cli/latest/huaweicloud-cli-mac-amd64.tar.gz
tar -zxvf huaweicloud-cli-mac-amd64.tar.gz
chmod +x hcloud
sudo mv hcloud /usr/local/bin/

# Or for ARM64 (Apple Silicon)
curl -LO https://cn-north-4-hdn-koocli.obs.cn-north-4.myhuaweicloud.com/cli/latest/huaweicloud-cli-mac-arm64.tar.gz
Confidence
82% confidence
Finding
sudo

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
```bash
# Add crontab task
(crontab -l 2>/dev/null; echo "<CronExpr> /bin/bash $HOME/obs-scheduled-upload-<BucketName>.sh") | crontab -
```

**Step 3: Verify**
Confidence
91% confidence
Finding
crontab -l 2>/dev/null; echo "<CronExpr> /bin/bash

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
```bash
# Run every hour
(crontab -l 2>/dev/null; echo "0 * * * * /bin/bash $HOME/obs-scheduled-upload-<BucketName>.sh") | crontab -

# Run daily at 8:00
(crontab -l 2>/dev/null; echo "0 8 * * * /bin/bash $HOME/obs-scheduled-upload-<BucketName>.sh") | crontab -
```
Confidence
75% confidence
Finding
crontab -l 2>/dev/null; echo "0 * * * * /bin/bash; crontab -l 2>/dev/null; echo "0 8 * * * /bin/bash; crontab -l 2>/dev/null; echo "*/30 * * * * /bin/bash

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
### Step 2: Set crontab (every 5 minutes, for testing only)

```bash
(crontab -l 2>/dev/null; echo "*/5 * * * * /bin/bash $HOME/obs-scheduled-upload-test.sh") | crontab -
```

### Step 3: Verify scheduled task
Confidence
75% confidence
Finding
crontab -l 2>/dev/null; echo "*/5 * * * * /bin/bash

VirusTotal

63/63 vendors flagged this skill as clean.
