Back to skill

Security audit

DataWorks Open API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud DataWorks automation skill, but it should be used with carefully scoped cloud credentials.

Install only if you intend to let an agent operate Alibaba Cloud DataWorks. Prefer short-lived or brokered credentials, use least-privilege RAM permissions, keep MCP config files and credential endpoints private, and review any create, deploy, stop, suspend, or delete action before approving it. Run the discovery scripts only in trusted environments because their SSL fallback can reduce transport integrity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to configure long-lived Access Key credentials or a credential-fetching URI for an MCP server, but it does not warn about secret handling, least-privilege scoping, local-only binding, or the risk of exposing a credential endpoint to other local users/processes. In an agent/MCP context, these credentials may grant broad DataWorks access, so normalizing this setup without security guidance increases the chance of credential leakage or misuse.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.