Alibabacloud Cfw Exposure Detection

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a read-only Alibaba Cloud Firewall audit, but it also instructs the agent to perform automatic local CLI installation, plugin updates, and persistent CLI configuration changes.

Install it only if you specifically want an agent to query Alibaba Cloud Firewall with your local Aliyun CLI profile. Before use, run it under a least-privilege read-only RAM user or role and confirm which profile and region are active. Do not let the agent run curl-to-bash installation or broad plugin updates unless you have intentionally approved them, and check the Aliyun CLI AI-mode and auto-plugin settings after use, since the skill is written to change them.
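The "least-privilege read-only RAM user or role" advice above is easy to get wrong with a wildcard. The following checker, added here as an illustration and not code from the skill or from Alibaba Cloud, takes a RAM policy document and lists every Allow action that is not a Cloud Firewall read action. It assumes the standard Version/Statement/Effect/Action/Resource policy layout and that Cloud Firewall's read APIs are the Describe*/Get*/List* actions under the RAM service code `yundun-cloudfirewall` (assumed; confirm against the product's RAM documentation). Both policies in the block are constructed samples.

```python
"""Check that the RAM policy behind the agent's profile grants Cloud Firewall read access only.

Added example, not code from the scanned skill or from Alibaba Cloud. Assumptions:
the policy uses the Version/Statement/Effect/Action/Resource layout, and Cloud
Firewall's read APIs are the Describe*/Get*/List* actions under the RAM service
code "yundun-cloudfirewall" (verify before relying on it).
"""
import json

SERVICE = "yundun-cloudfirewall"          # assumed RAM service code for Cloud Firewall
READ_VERBS = ("Describe", "Get", "List")  # action-name prefixes treated as read-only


def _as_list(value):
    """RAM allows a single string or a list for Action and Statement."""
    return value if isinstance(value, list) else [value]


def is_read_only_action(action: str) -> bool:
    """True for <SERVICE>:<ReadVerb>..., optionally with a trailing wildcard."""
    if action == "*":
        return False
    service, _, name = action.partition(":")
    if service != SERVICE:
        return False                       # another service, or a "*" service wildcard
    stem = name.rstrip("*")                # "Describe*" -> "Describe", "*" -> ""
    return bool(stem) and stem.startswith(READ_VERBS)


def policy_violations(policy_json: str) -> list:
    """List every Allow action that is not a Cloud Firewall read action."""
    policy = json.loads(policy_json)
    violations = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue                       # Deny statements never widen access
        for action in _as_list(stmt.get("Action", [])):
            if not is_read_only_action(action):
                violations.append(
                    f"statement {i}: {action!r} is not a read-only Cloud Firewall action"
                )
    return violations


# Constructed policies: the first is the shape the audit profile should carry.
READ_ONLY_POLICY = """{
  "Version": "1",
  "Statement": [{"Effect": "Allow",
                 "Action": ["yundun-cloudfirewall:Describe*", "yundun-cloudfirewall:Get*"],
                 "Resource": "*"}]
}"""
OVERBROAD_POLICY = """{
  "Version": "1",
  "Statement": [{"Effect": "Allow", "Action": "yundun-cloudfirewall:*", "Resource": "*"},
                {"Effect": "Allow", "Action": ["ram:CreateAccessKey"], "Resource": "*"}]
}"""

if __name__ == "__main__":
    for label, doc in (("read-only", READ_ONLY_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(label, policy_violations(doc) or "OK")
```

Run it against the policy attached to the RAM user or role the agent's profile uses; a service-level wildcard such as `yundun-cloudfirewall:*` is the common mistake, since it silently includes the Modify/Delete actions a read-only audit never needs.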

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: High (98% confidence)
Finding: The skill instructs the agent to install or update the Aliyun CLI via a remote shell pipeline (`curl ... | bash`) even though the skill is described as read-only exposure analysis. This expands the skill from querying cloud state into arbitrary system modification and remote code execution from a network source: whatever the remote host serves at run time executes with the agent's privileges. The stated task does not require it, and it is dangerous in an agent context.

Context-Inappropriate Capability

Severity: Medium (94% confidence)
Finding: The skill enables or disables Aliyun CLI AI-mode and sets a user-agent through global CLI configuration, mutating persistent environment state unrelated to the core read-only analysis task. Persistent configuration changes carry over into later sessions, other workflows, and security boundaries, and the skill performs them automatically without explicit user consent.

Vague Triggers

Severity: Medium (86% confidence)
Finding: The trigger description is broad enough to match generic security-inventory, attack-surface, and baseline-check requests, so the skill can activate well outside its narrow Cloud Firewall exposure-analysis purpose. Overbroad routing matters here because, once triggered, the skill autonomously runs multiple cloud API calls and configuration steps without first confirming that it is the appropriate skill.

Missing User Warnings

Severity: High (98% confidence)
Finding: The markdown tells the agent to install or update software with a remote shell script but gives no clear warning that this modifies the system. In an agent environment, under-disclosed system modification is dangerous because it leads to unreviewed code execution and persistent changes outside the scope the user expected.

Missing User Warnings

Severity: Medium (95% confidence)
Finding: The skill requires changes to persistent CLI plugin and configuration state, including auto-plugin installation and AI-mode settings, without warning the user about them. The result is hidden side effects on the host that can alter how every later CLI invocation behaves.

Missing User Warnings

Severity: Medium (95% confidence)
Finding: The guide gives environment-variable examples for cloud credentials without warning that exported secrets are exposed through shell history, process listings, terminal recordings, CI/CD logs, and the inherited environment of every subprocess. In a security skill that may run interactively or in automation, that omission raises the chance that users handle long-lived credentials unsafely and disclose them by accident.
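The exposure paths listed in this finding are checkable after the fact. The scanner below, added here as an illustration and not code from the skill, walks shell-history or CI-log lines and reports every probable Alibaba Cloud credential with the value redacted. Its patterns are heuristics rather than an official format (assumed): `ALIBABA_CLOUD_ACCESS_KEY_ID`/`ALIBABA_CLOUD_ACCESS_KEY_SECRET` and the Terraform-style `ALICLOUD_*` variables as environment names, AccessKey IDs beginning with `LTAI`, and the CLI's `--access-key-id`/`--access-key-secret` flags. The history lines it scans by default are constructed.

```python
"""Find Alibaba Cloud credentials that leaked into shell history or CI logs.

Added example, not from the scanned skill. Heuristic patterns (assumed):
ALIBABA_CLOUD_ACCESS_KEY_ID/SECRET and ALICLOUD_* as environment names, AccessKey
IDs starting with "LTAI", and the CLI flags --access-key-id/--access-key-secret.
"""
import re
import sys

ENV_ASSIGN = re.compile(
    r"(?P<var>ALIBABA_CLOUD_ACCESS_KEY_(?:ID|SECRET)|ALICLOUD_ACCESS_KEY|ALICLOUD_SECRET_KEY)"
    r"\s*=\s*[\"']?(?P<val>[^\s\"']+)"
)
CLI_FLAG = re.compile(r"--access-key-(?P<kind>id|secret)[\s=][\"']?(?P<val>[^\s\"']+)")
AK_ID_LITERAL = re.compile(r"\bLTAI[A-Za-z0-9]{12,24}\b")


def redact(value: str) -> str:
    """Keep enough to recognise the key, never enough to use it."""
    return f"{value[:4]}...{value[-2:]}" if len(value) > 8 else "***"


def scan_lines(lines) -> list:
    """Return (line_no, what, redacted_value) for each probable credential."""
    findings = []
    for n, line in enumerate(lines, 1):
        seen = set()  # values already reported on this line via an assignment or flag
        for m in ENV_ASSIGN.finditer(line):
            findings.append((n, m.group("var"), redact(m.group("val"))))
            seen.add(m.group("val"))
        for m in CLI_FLAG.finditer(line):
            findings.append((n, f"--access-key-{m.group('kind')}", redact(m.group("val"))))
            seen.add(m.group("val"))
        for m in AK_ID_LITERAL.finditer(line):
            if m.group(0) not in seen:
                findings.append((n, "AccessKey ID literal", redact(m.group(0))))
    return findings


# Constructed history: the kind of trail an "export the key" example leaves behind.
SAMPLE_HISTORY = [
    "cd ~/work/cfw-audit",
    "export ALIBABA_CLOUD_ACCESS_KEY_ID=LTAI5tExampleExampleId01",
    'export ALIBABA_CLOUD_ACCESS_KEY_SECRET="ConstructedSecretValue0000000000"',
    "aliyun configure set --profile cfw-audit-ro --mode AK "
    "--access-key-id LTAI5tExampleExampleId01 "
    "--access-key-secret ConstructedSecretValue0000000000 --region cn-hangzhou",
    "aliyun configure list",
    "echo LTAI5tExampleExampleId01 > notes.txt",
]


def main(argv):
    if len(argv) > 1:  # e.g. ~/.bash_history or a saved CI log
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_HISTORY
    for line_no, what, shown in scan_lines(lines):
        print(f"line {line_no}: {what} = {shown}")


if __name__ == "__main__":
    main(sys.argv)
```

Point it at `~/.bash_history`, `~/.zsh_history` or an exported pipeline log; any hit on a long-lived AccessKey is a reason to rotate that key, not just to delete the line, because the same value has usually also reached terminal recordings and subprocess environments that the scanner cannot see.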

VirusTotal

65/65 vendors flagged this skill as clean.