Security audit

野龙虾

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Alibaba Cloud OSS uploader, but users should treat it as sending chosen local files to cloud storage.

Install only if you want the agent to upload specific local files to your Alibaba Cloud OSS bucket. Use a dedicated RAM user limited to the intended bucket, verify the exact local path before each upload, and keep the bucket private unless public URLs are intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README advertises broad natural-language triggers such as 'upload this file to OSS' without defining explicit activation constraints, confirmation requirements, or exclusions. In an agent setting, ambiguous invocation scope can cause unintended tool activation and accidental exfiltration of local files to a remote bucket when user intent is misinterpreted.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The feature description says the tool uploads local files and returns a URL, but it does not clearly warn users that data leaves the local environment and is transmitted to Alibaba Cloud OSS. Because returned URLs may expose content depending on bucket permissions or signed-link handling, users may underestimate the privacy and data-sharing consequences of using the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes file upload and returning a URL, but it does not clearly warn users that local files are transmitted to a third-party cloud service and may become accessible through the generated link. This lack of disclosure can cause accidental exposure of sensitive files, especially if users assume the operation is local or the resulting URL is broadly accessible.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrase "上传这个视频到云存储" ("upload this video to cloud storage") is broad and closely resembles ordinary user requests, so the skill may be invoked in situations where the user did not explicitly intend to use this specific OSS uploader. Because the skill performs remote file transmission, overly generic triggers increase the risk of accidental cloud upload of local data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest states that the tool uploads local files to Alibaba Cloud OSS and returns an access link, but it does not warn that sensitive local data will leave the host and be sent to a third-party cloud service. In agent contexts, missing disclosure can cause users to authorize or trigger uploads without understanding the privacy, confidentiality, or exposure implications.

VirusTotal

64/64 vendors flagged this skill as clean.