Alibabacloud Bailian Videoanalysis

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform Alibaba Cloud video analysis as advertised, but it needs review because it uses broad cloud setup, credentials, OSS uploads, signed video URLs, and local result caching.

Install only if you are comfortable sending videos to Alibaba Cloud services. If you do install it:
  • Use a dedicated least-privilege RAM user or temporary role.
  • Restrict OSS access to one bucket and the /temp/quanmiao/ prefix.
  • Avoid or disable automatic plugin installation where possible.
  • Use the shortest practical signed URL lifetime.
  • Do not paste credentials into chat or shell history.
  • Delete uploaded OSS objects and cached local results when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
This reference file is a broad Alibaba Cloud CLI installation and credential-management guide, while the skill is explicitly scoped to Bailian video analysis only. In an agent skill context, supplying unrelated cloud administration workflows expands operational scope, increases the chance of unintended service access, and can steer users or agents toward over-privileged generic cloud usage rather than the minimum API surface required.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The guide explicitly instructs enabling automatic plugin installation, which permits the CLI to fetch and install additional components from remote sources on demand. In a constrained skill meant for a single product, this introduces unnecessary supply-chain and scope-expansion risk because an agent or user may automatically execute code paths outside the intended Bailian-only functionality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The reference encourages installing and exploring unrelated service plugins and commands such as ECS, VPC, RDS, and FC. For a Bailian video-analysis skill, these instructions normalize arbitrary cloud-service access and make it easier for an agent or operator to exceed intended permissions and interact with unrelated resources.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The trigger list contains broad phrases such as 'analyze video', 'summarize this video', and 'what is this video about', which are common natural-language requests. This makes accidental or unintended invocation more likely, causing the agent to run cloud CLI commands, upload files, or process URLs when the user may not have intended to invoke this specific skill.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The document shows direct command-line and environment-variable usage for access keys without clearly warning that secrets can persist in shell history, process listings, CI logs, and local config files. In an agent-driven environment, these patterns increase the likelihood of credential exposure and reuse beyond the intended session.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
Recommending automatic plugin installation without a security warning can cause users or agents to download and execute remote components implicitly. That is especially dangerous in a skill context because the skill's declared scope does not require arbitrary plugin retrieval, so the feature materially increases supply-chain exposure with little justified benefit.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The verification steps instruct users to upload a local video to OSS and generate a signed HTTPS URL, but they do not warn that this exposes the file to anyone possessing the link for the duration of the signature. In a video-analysis skill, inputs may contain sensitive personal, proprietary, or regulated content, so omitting disclosure and handling guidance creates a real data-exposure risk even if the URL is temporary.

VirusTotal

65/65 vendors flagged this skill as clean.