Back to skill

Security audit

ucloud-infra

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real UCloud management skill, but it handles powerful cloud credentials and destructive actions with avoidable safety gaps.

Review carefully before installing. Use only least-privilege UCloud keys for a test or limited project, avoid production credentials until command execution and secret handling are fixed, manually approve destructive operations, and protect or disable the generated logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation explicitly instructs users to pass passwords on the command line (for example via --password), which commonly exposes secrets through shell history, process listings, audit logs, and terminal transcripts. In a cloud-management skill handling privileged infrastructure credentials, this materially increases the chance of credential leakage and subsequent unauthorized access.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill states that create/delete operations automatically log full action parameters, and the documented params fields can include sensitive values such as passwords and other secrets. Writing those parameters into local JSONL logs creates durable secret exposure that can be harvested by other users, agents, backups, or support processes, especially because this skill manages cloud resources and credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill performs destructive cloud deletion operations immediately when invoked, with no confirmation prompt, dry-run mode, or explicit force flag. In an agent/tooling context, this increases the chance of accidental infrastructure deletion from mis-parameterization, prompt injection, or unintended autonomous action.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill constructs a shell command string containing the cloud public/private keys and executes it via child_process.exec. This exposes secrets to command-line process listings and creates command-injection risk because argument values are concatenated without escaping, so attacker-controlled inputs or environment values could alter the executed command.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.