Alibabacloud Chatapp Message Send

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud CAMS messaging wrapper, with real credential and installer risks that users should manage carefully before use.

Install only if you intend to let the agent send Alibaba Cloud CAMS/WhatsApp messages from your account. Use a least-privilege RAM user, avoid root or long-lived keys where possible, do not paste real secrets into the agent conversation or command history, review the RAM policy before granting mass-message permissions, and avoid --yes unless you are intentionally automating sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs the agent to execute shell commands (`aliyun`, `python`, `curl | bash`) but does not declare permissions for shell execution. That weakens enforcement and review controls, because a caller or platform may underestimate the skill's capabilities and allow command execution without explicit approval boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The documented purpose centers on WhatsApp sending and template queries, but the content also references broader channel support (`viber`) and the analysis notes undeclared message-history querying behavior. Capability drift like this is dangerous because users, reviewers, and policy engines may authorize a narrower skill while the implementation performs additional data access or communications actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide includes concrete examples for setting and exporting long-lived cloud credentials, and even shows them persisted in ~/.aliyun/config.json. In an agent/automation context, this is dangerous because users may paste real secrets into shell history, CI logs, chat transcripts, or persistent config without sufficient warnings about exposure and safer alternatives.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide recommends non-interactive credential configuration for scripts, CI/CD, and agent-driven automation, but does not warn that command-line arguments may be captured by process listings, shell history, build logs, or orchestration telemetry. In this skill context, that increases the chance of accidental cloud credential leakage during automated message-sending workflows.

External Script Fetching

High
Category
Supply Chain
Content
> **Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify >= 3.3.3. If not installed or version too low,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to update,
> or see `references/cli-installation-guide.md` for installation instructions.
>
> **Pre-check: Aliyun CLI plugin update required**
Confidence
98% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

VirusTotal

66/66 vendors flagged this skill as clean.
