China Cloud Deploy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Aliyun OSS deployment skill, but it handles cloud credentials and public uploads, so users should install it only for intentionally public publishing workflows.

Before installing, confirm you want this agent to help publish files to Aliyun OSS. Use least-privilege or temporary credentials where possible, avoid entering secrets into shared transcripts, and only upload reviewed build output intended to be public; do not point it at private directories, source maps, configs, or secret-containing files.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill instructs users to run interactive cloud CLI credential configuration without warning that long-lived access keys will be entered and typically persisted in local config files. In an agent context, this increases the risk of credential exposure through logs, transcripts, shell history, shared workspaces, or insecure host storage.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The workflow explicitly sets the OSS bucket ACL to public-read without a clear warning that all uploaded objects may become internet-accessible. In practice, this can expose sensitive build artifacts, source maps, configuration files, or mistakenly uploaded private data if users follow the workflow blindly.

VirusTotal

63/63 vendors flagged this skill as clean.
