Security audit

huawei-cloud-obs-website-host

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Huawei Cloud OBS website setup helper, but it can intentionally make bucket content public and change DNS, so credentials and scope matter.

Install only if you want an agent to configure Huawei OBS website settings, register a custom domain, and possibly create DNS CNAME records. Use a dedicated public website bucket or tightly scoped prefix, verify there is no sensitive content before enabling public read, use least-privilege temporary or rotated AK/SK credentials, and verify any downloaded Huawei CLI/obsutil installer from the vendor before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 78%
Finding
The skill clearly relies on environment variables, local credential files, and network access, but it does not declare those capabilities explicitly. That creates a trust and review gap: operators may approve or run the skill without understanding it can read local credential state and make external network changes or probes.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The skill description does not accurately bound operational behavior: it performs verification of DNS/HTTP/region and claims Huawei Cloud DNS integration that is only partially implemented through referenced guides and external tooling. This mismatch can cause users or orchestration systems to authorize a broader set of actions than expected, or assume DNS changes are safely automated when they are not.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script automatically sources Huawei credentials from environment variables and a local ~/.obsutilconfig file, then uses them for authenticated OBS API calls. In an agent/skill context, this creates a secret-access boundary violation: running a seemingly simple website verification task can silently consume locally available cloud credentials and transmit them to a remote service without explicit user opt-in, increasing the risk of unintended credential use and privilege exposure.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill repeatedly treats anonymous/public read as a success condition for website content but does not present a prominent warning that this intentionally exposes bucket objects to the public internet. In a storage-hosting context, that can lead to accidental data exposure if users misunderstand which bucket or object prefix is being made readable.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow includes enabling website hosting, registering a custom domain, and creating/updating DNS records, all of which can expose content publicly and change production traffic routing. Without a clear upfront impact warning, users may trigger internet exposure or domain cutover with insufficient awareness of the security and availability consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide instructs users to configure AK/SK credentials directly on the CLI but does not warn that these secrets are typically persisted in local configuration files, which increases the risk of credential theft from disk, backups, shell history, or multi-user hosts. In a cloud administration context, exposure of these credentials could enable unauthorized access to Huawei Cloud resources well beyond the website-hosting task.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script reads credentials from local/environment sources and performs authenticated network requests to Huawei OBS without an explicit warning or consent checkpoint. In a security-sensitive automation environment, that is dangerous because users may expect a passive verification script, but it can silently authenticate to cloud APIs using whatever credentials are present, causing unintended data exposure, audit noise, or use of higher-privilege accounts than intended.

VirusTotal

65/65 vendors flagged this skill as clean.