Bailian Usage

Security checks across malware telemetry and agentic risk

Overview

The skill is for checking Alibaba Cloud Bailian usage, but it automatically reads and submits stored cloud credentials, with triggers broad enough to cause unintended account access.

Install only if you are comfortable with this skill reading Bailian credentials from TOOLS.md and logging into Alibaba Cloud through browser automation. Keep credentials in a clearly labeled Bailian-only section, avoid generic Token or Coding Plan prompts, and prefer adding a confirmation step before any login.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list includes the unrelated English phrase "Coding Plan", which is broad and likely to appear in normal conversation unrelated to quota checks. In an agent environment, this can cause unintended skill invocation, and because the skill performs automated login using credentials from TOOLS.md, accidental activation could expose account context or initiate sensitive browser actions without clear user intent.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases include very broad terms like '阿里云百炼' and 'Alibaba Cloud Bailian', which can activate the skill during general discussion rather than an explicit request to inspect account usage. In this skill, accidental activation is more dangerous than usual because execution can launch a browser, inspect login state, and read credentials from a local TOOLS.md file to access an authenticated cloud account.

Vague Triggers

Medium
Confidence: 90%
Finding
The phrase '看看套餐情况' / 'Check package status' is generic conversational language and may match unrelated contexts, causing the skill to run when the user did not intend an authenticated Bailian account lookup. Because this skill performs automated login and data extraction from a sensitive cloud console, an overly permissive trigger increases the chance of unintended access to account information.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script is designed to retrieve an account and password from ~/.openclaw/workspace/TOOLS.md and then use them for browser-based authentication, but there is no up-front user-facing consent or warning at the point of execution. In an agent-skill context, silently harvesting stored credentials from a local workspace file and submitting them to an external site is security-sensitive because users may not realize the skill will access and transmit secrets.

Missing User Warnings

Medium
Confidence: 95%
Finding
This block actively enters the recovered password into a browser session and submits it to a remote service, while suppressing most command errors and providing only generic progress output. In an agent environment, automated credential submission is dangerous because it can be triggered without meaningful user review, can send secrets to an unexpected page if navigation is altered, and normalizes plaintext password handling.

VirusTotal

66/66 vendors flagged this skill as clean.
