Huawei Cloud CCE Cluster Management

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Huawei CCE cluster-management skill, but it exposes powerful infrastructure and credential operations without enough user-facing safety guardrails.

Install only if you intend to let the agent administer Huawei CCE clusters. Use least-privilege IAM instead of blanket administrator access where possible, treat kubeconfig output as a secret, avoid logging or sharing it, and require human confirmation for public API exposure, node drains, scale-downs, deletions, and other disruptive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The IAM policy documentation does not cover several operations the skill claims to support, creating a mismatch between documented permissions and actual runtime capability. In a cluster-management skill, this can lead operators to grant broader ad hoc permissions such as full administrator roles when features fail, undermining least privilege and making over-privileged deployments more likely.

Intent-Code Divergence

Severity: Low
Confidence: 86%
Finding
The document presents a 'minimum required policy' but then recommends a broader administrator policy, which can nudge users toward unnecessary privilege escalation. In infrastructure-management contexts, contradictory guidance increases the chance that users ignore scoped policies and default to blanket administrative access.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The manifest advertises retrieval of a cluster kubeconfig and says it can be used with kubectl, but provides no warning that kubeconfig commonly contains client credentials, bearer tokens, or certificate material granting cluster-admin or broad cluster access. In a cluster-management skill, this is especially sensitive because it enables direct access to production infrastructure and could lead to credential disclosure, lateral movement, or full cluster compromise if handled insecurely.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The EIP binding tool enables public API server exposure but the description omits any warning about increased internet-facing attack surface, source access control, or the need to restrict who can reach the endpoint. In the context of Kubernetes cluster administration, making the control plane publicly reachable without emphasizing security implications can lead to accidental exposure of a high-value management interface.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The node drain tool states that it evicts all pods and marks the node unschedulable, but it lacks a clear warning that this can disrupt workloads, cause downtime, or impact stateful services if PodDisruptionBudgets and maintenance planning are not considered. In a production cluster-management skill, omission of that warning increases the chance of unsafe operational use.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation lists destructive permissions such as cluster deletion and node deletion without warning about their operational consequences. Because this skill manages production Kubernetes infrastructure, omission of cautionary guidance increases the risk of accidental misuse, destructive automation, or unsafe delegation of powerful actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
Recommending the broad 'CCE Administrator' policy without a warning about its full-management scope encourages over-privileged access to cluster infrastructure. In this skill context, that is especially risky because the exposed operations include lifecycle changes, node operations, and other sensitive cluster-management tasks that could disrupt or expose production environments.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation includes scale-down examples that reduce node counts with only a generic confirm flag and no explicit warning about workload eviction, capacity loss, or possible service disruption. In a cluster-management skill, users may follow these instructions directly, so omission of operational safety guidance can lead to accidental outages or degraded availability.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The troubleshooting guide includes a realistic example of setting a node password in an environment variable without any warning about secret handling, shell history exposure, or use of placeholders. While the value appears illustrative rather than an actual credential, documentation that normalizes embedding passwords directly in commands can lead users to leak secrets into shell history, logs, and process environments.

Credential Access

Severity: High
Category: Privilege Escalation
Content:
      "script": "scripts/huawei-cloud.py"
    },
    {
      "name": "huawei_get_cce_kubeconfig",
      "description": "Get kubeconfig for a CCE cluster. Returns kubeconfig in JSON and YAML format with cluster endpoints information. The kubeconfig can be used with kubectl to manage the cluster.",
      "parameters": {
        "type": "object",
Confidence: 97%
Finding
kubeconfig

Credential Access

Severity: High
Category: Privilege Escalation
Content:
    },
    {
      "name": "huawei_get_cce_kubeconfig",
      "description": "Get kubeconfig for a CCE cluster. Returns kubeconfig in JSON and YAML format with cluster endpoints information. The kubeconfig can be used with kubectl to manage the cluster.",
      "parameters": {
        "type": "object",
        "properties": {
Confidence: 96%
Finding
kubeconfig

Credential Access

Severity: High
Category: Privilege Escalation
Content:
    },
    {
      "name": "huawei_get_cce_kubeconfig",
      "description": "Get kubeconfig for a CCE cluster. Returns kubeconfig in JSON and YAML format with cluster endpoints information. The kubeconfig can be used with kubectl to manage the cluster.",
      "parameters": {
        "type": "object",
        "properties": {
Confidence: 96%
Finding
kubeconfig

Credential Access

Severity: High
Category: Privilege Escalation
Content:
    },
    {
      "name": "huawei_get_cce_kubeconfig",
      "description": "Get kubeconfig for a CCE cluster. Returns kubeconfig in JSON and YAML format with cluster endpoints information. The kubeconfig can be used with kubectl to manage the cluster.",
      "parameters": {
        "type": "object",
        "properties": {
Confidence: 96%
Finding
kubeconfig

VirusTotal

64/64 vendors flagged this skill as clean.