Alibabacloud Cadt Probe

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud inventory helper, but its outputs can reveal sensitive cloud topology and should be scoped and protected.

Install only for Alibaba Cloud accounts where you intend the agent to inspect infrastructure inventory. Prefer narrow RAM permissions and explicit --regions or --list-types filters, avoid --debug unless needed, and treat any output JSON as sensitive infrastructure data when storing or sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (79% confidence)

Finding: The trigger list includes very broad terms such as 'probe' and 'list resources', which can match many ordinary cloud-assistance requests and cause unintended activation. In this context, accidental invocation is risky because the skill enumerates cloud infrastructure and may expose sensitive asset inventory data or initiate broad account-wide discovery.

Missing User Warnings

Medium (95% confidence)

Finding: The skill description explains how to discover and export cloud resources but does not prominently warn that outputs may contain sensitive infrastructure inventory, topology, and relationship data. Without that warning, users or downstream agents may handle the results insecurely, store them broadly, or share them in logs or tickets.

Missing User Warnings

Medium (91% confidence)

Finding: The document grants broad read access for inventorying cloud resources and their relationships across many services, but it does not warn users that running the skill exposes comprehensive infrastructure metadata. In a cloud-enumeration skill, this can reveal topology, asset inventory, and service usage patterns that are sensitive even if the permissions are nominally read-only.

Missing User Warnings

Medium (93% confidence)

Finding: The policy includes APIs that read security-relevant configuration such as security group settings, access whitelists, listeners, NAT rules, and firewall subscription details, yet the document lacks any warning that the skill inspects network exposure and access-control posture. That increases the risk of silent collection of sensitive defensive configuration that could aid reconnaissance if misused.

Missing User Warnings

Medium (88% confidence)

Finding: The --debug flag causes the script to print raw API response bodies to stderr, which can include discovered cloud resource inventory and metadata. In an agent or shared execution environment, stderr is often captured into logs, traces, or orchestration systems, so enabling debug can unintentionally exfiltrate sensitive infrastructure details beyond the intended recipient.

VirusTotal

61/61 vendors flagged this skill as clean.