Higress Gateway Management

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears aligned with Higress gateway administration, but it relies on undeclared admin credentials/session cookies and can make persistent gateway changes, so it should be reviewed before use.

Only install this if you intend to let the agent administer your local Higress gateway. Confirm the admin cookie and password handling, review every create/update/delete request before it runs, and avoid using it for production routes or provider credentials without a rollback plan.

Static analysis

Generated source template injection

Critical

Finding: User-controlled placeholder is embedded directly into generated source code.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI03: Identity and Privilege Abuse

Medium

What this means

An agent using this skill can authenticate to the local Higress Console as an administrator and change gateway configuration.

Why it was flagged

The skill tells the agent to use Higress admin credentials and a session cookie, but the registry metadata says there are no required environment variables or primary credential. That under-discloses privileged account access.

Skill content

HICLAW_ADMIN_PASSWORD  # Admin password for Higress Console
HIGRESS_COOKIE_FILE    # Path to session cookie file
...
Use it with `curl -b "${HIGRESS_COOKIE_FILE}"`.

Recommendation

Declare the required credentials and environment variables in metadata, document the exact privilege scope, and require explicit user approval before any mutating operation.

#ASI02: Tool Misuse and Exploitation

Medium

What this means

A mistaken or over-broad command could remove consumers, rotate credentials, or break AI routing.

Why it was flagged

The skill documents direct administrative API calls that update and delete gateway objects. These are purpose-aligned, but they are high-impact operations.

Skill content

curl -X PUT http://127.0.0.1:8001/v1/ai/routes/default-ai-route ... -d "$UPDATED"
...
curl -X DELETE http://127.0.0.1:8001/v1/consumers/worker-alice -b "${HIGRESS_COOKIE_FILE}"

Recommendation

Use this skill only for explicit user-requested changes, review the target object and payload before execution, and keep a rollback or backup plan for route and credential changes.

#ASI08: Cascading Failures

Low

What this means

Incorrect route changes could affect many or all AI model requests passing through the gateway.

Why it was flagged

The skill acknowledges that route changes can affect all model traffic through the gateway, so a bad update could have broad downstream impact.

Skill content

The system initializes with a `default-ai-route` that has no `modelPredicates` — all model requests go through it.

Recommendation

Test route changes narrowly, prefer explicit model predicates, and confirm expected traffic impact before updating default routes.