Back to skill

Security audit

huawei-cloud-pipeline-test-mra46lax

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly aligned with creating Huawei Cloud OBS buckets, but it can create public cloud storage and bulk account changes without enough explicit confirmation.

Review before installing or using this skill. Treat it as capable of changing your Huawei Cloud account, creating buckets that may be internet-readable, and incurring usage costs. Prefer private ACLs by default, require explicit confirmation before any public-read or batch operation, and inspect or verify remote installer scripts before running them, especially with elevated privileges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script automatically assigns `public-read` ACLs for buckets whose purpose is `website` or `assets`, even though the skill is framed broadly as bucket creation and configuration guidance. This creates a real risk of unintended public exposure of stored objects, especially in batch mode where users may not realize some buckets will be internet-readable by default.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is broad enough to activate on generic storage-related requests such as 'Huawei Cloud bucket' or 'storage creation', which can cause the agent to invoke a state-changing cloud operation skill outside the user's precise intent. In a cloud administration context, over-triggering is risky because it may steer normal informational queries into credential checks, configuration access, or bucket-creation workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill presents bucket creation commands as normal workflow steps without an explicit warning that these commands will create real cloud resources in the user's account and may incur charges. In this context, that omission increases the chance of accidental state-changing actions, especially because bucket creation is coupled with region, ACL, and storage-class choices that have operational and cost consequences.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to download and immediately execute a remote shell script with curl and bash, which is a classic supply-chain risk. If the hosting bucket, network path, or script contents are compromised, users could run arbitrary code on their systems without prior inspection or integrity verification; the suggestion to rerun as root further increases the blast radius.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script performs account-changing operations immediately and in bulk, including potentially public bucket creation, without any confirmation or dry-run safeguard. In the context of a cloud administration skill, this increases the chance of accidental resource creation, unexpected cost, and unintended exposure due to one mistaken invocation or misunderstood purpose label.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
### Step 2: Select Region

Get the region for the OBS bucket to be created from the context. If no region is specified, use the "endpoint" parameter in the ~/.obsutilconfig file as the region by default.
Return prompt text:
>Once a bucket is created successfully, the region cannot be changed, please choose carefully. The region you want to create the bucket in is ${region}

### Step 3: Create Bucket
Confidence
88% confidence
Finding
Return prompt

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.