Alibabacloud Analyticdb Mysql Copilot

Security checks across malware telemetry and agentic risk

Overview

This skill fits its Alibaba Cloud database diagnosis purpose, but it needs Review because it can drive live cloud API calls, send diagnostic context to Alibaba Cloud services, alter CLI/plugin settings, and its credential guidance is under-scoped.

Install only if you expect this skill to access real Alibaba Cloud AnalyticDB for MySQL resources. Use a least-privilege read-only RAM role or short-lived STS credentials, review installer and plugin-update commands before running them, avoid putting long-lived access keys in command lines or logs, and treat cluster metadata, connection details, and diagnostic prompts as sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs users to install or update software using a remote curl-pipe-bash command without integrity verification, pinning, or a visible warning about the risks. This exposes users to arbitrary code execution if the distribution endpoint, transport path, or hosted script is compromised, and the surrounding "MUST" language increases the chance that users will comply automatically.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The guide instructs users to pass access keys and secrets directly on the command line without prominently warning that shell history, process listings, terminal recordings, and copied transcripts can expose those credentials. In the context of an agent-oriented operations assistant, this is more dangerous because users may paste real secrets into interactive sessions, logs, or shared automation outputs.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill mandates sending the user's question and, for instance-level diagnosis, cluster identifiers to an external Alibaba Cloud diagnostic API, but it does not require any user notice, consent, or data-minimization step. This creates a real privacy and data-governance risk because operational metadata and potentially sensitive troubleshooting text may be transmitted off-tool automatically, especially given the 'NON-NEGOTIABLE' language that discourages safer local handling.

Natural-Language Policy Violations

Severity: Low
Confidence: 78%
Finding
Hard-coding a default timezone of Asia/Shanghai can cause diagnostic interpretation errors when users or clusters operate in other regions, leading to misleading time-scoped analysis or confusion about incident windows. While not a direct security exploit by itself, it can weaken reliability and lead to incorrect operational decisions in a security-sensitive troubleshooting context.

Ssd 3

Severity: Medium
Confidence: 85%
Finding
Even though the credentials appear to be examples, embedding realistic-looking access key IDs and secrets in commands and config JSON normalizes handling secrets in plaintext and increases the chance users will copy the pattern with real values into logs, screenshots, or repositories. In an ops/diagnostics assistant that may echo commands back to users, this habituation risk is meaningful.

Ssd 3

Severity: Medium
Confidence: 92%
Finding
The documentation explicitly recommends supplying credentials via command-line flags and environment variables, both of which can leak through shell history, CI logs, debug output, process inspection, or agent-generated transcripts. Because this skill supports automation and diagnosis workflows, users are especially likely to run commands in logged or shared environments.

VirusTotal

64/64 vendors flagged this skill as clean.