Back to skill

Security audit

Multi-Cloud Resource Lister / 多云资源清单聚合器

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple multi-cloud inventory helper description, with no executable payload or hidden install behavior, but users should be aware it may use existing cloud credentials to list resources.

Before installing or running it, verify which cloud accounts, subscriptions, projects, and profiles are currently active because the tool may enumerate resources using existing credentials. Prefer explicit provider and resource filters when working in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly advertises automatic credential chain detection and fallback across multiple cloud providers, but it does not warn users that running the tool may automatically discover and use locally available AWS, Azure, GCP, or Aliyun credentials. This can lead to unintended enumeration of resources in sensitive accounts, surprise use of higher-privilege identities, and accidental disclosure of inventory data across cloud environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.