ClawHub
Back to skill

Security audit

阿里云日志查询

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a disclosed Aliyun SLS log-query helper, but it asks for cloud access keys and includes broader SLS command guidance without enough read-only scoping or secret-handling guidance.

Install only if you intend to let the agent query Aliyun SLS. Use a dedicated read-only RAM or temporary credential limited to the needed projects and logstores, avoid passing long-lived keys in chat or shell command arguments, and do not approve create/update/delete SLS operations unless you explicitly want resource changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells users to provide `access_id` and `access_key` directly to the CLI, including command-line examples, without warning that these are sensitive secrets. This is dangerous because command-line arguments and persisted CLI configuration may be exposed through shell history, process listings, logs, or insecure local files, increasing the risk of credential theft and subsequent compromise of Alibaba Cloud resources.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The file instructs the agent to append new project/logstore mappings directly into a repository-managed markdown file based on user input. In an agent skill context, this creates an unintended persistent state change path where untrusted or mistaken user-supplied values can alter documentation/data, potentially poisoning future lookups or causing the agent to operate on incorrect environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.