Back to skill

Security audit

Multi-Cloud Credential Switcher / 多云凭证切换器

Security checks across malware telemetry and agentic risk

Overview

This skill is about cloud credential management, but it asks users to trust high-impact credential rotation and CI/CD injection without enough safety boundaries or a clear implementation.

Review carefully before installing or using. Only use this with least-privilege cloud roles, trusted CI/CD systems, encrypted secret storage, and explicit approval for production or admin-role changes. The package does not appear to include the command it documents, so verify what tool or implementation will actually run before providing credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill explicitly promotes automated credential rotation and unattended CI/CD credential injection, both of which involve highly sensitive secrets and privileged access paths, but it provides no warnings, guardrails, or usage constraints. In a credential-management skill, omission of safety guidance increases the chance of users exposing cloud keys, over-privileging automation, or injecting credentials into insecure environments and logs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.