Alibabacloud Dataworks Data Governance

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a legitimate Alibaba Cloud DataWorks tag-management helper, but it needs review because its setup guidance and triggers are broader than the narrow cloud metadata task.

Install only if you intend to let an agent work with Alibaba Cloud DataWorks data-governance tags. Use a dedicated least-privilege RAM user or role, avoid admin or unrelated service plugins, do not paste access keys into chat or commands, and manually confirm every create, update, bind, or unbind action with the exact region, project, assets, and tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The file is a full-purpose Aliyun CLI installation and administration guide, not a narrowly scoped reference for DataWorks data-governance tag management. In an agent skill, this broadens operator capability far beyond the declared purpose and can facilitate unrelated cloud actions if the agent or user follows the guide verbatim.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
This section teaches multi-profile and cross-service CLI usage patterns that enable broader cloud administration unrelated to tag management. In the context of an agent skill, such capability expansion increases the chance of misuse, privilege creep, or an agent being steered into operating on unrelated Alibaba Cloud resources.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding:
The next-steps section encourages installing unrelated plugins and exploring other cloud services, which extends the skill's operational surface beyond its declared DataWorks tagging purpose. While likely written as general helpful documentation, it can normalize broader cloud access and distract from least-functionality principles.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The trigger list includes broad phrases such as 'tag management', 'query data assets', and 'list data assets', which are generic enough to match ordinary user requests outside the intended Alibaba Cloud DataWorks context. This can cause unintended skill invocation and execution of sensitive tag-management or asset-query workflows against real cloud resources, increasing the risk of accidental metadata changes or disclosure of asset inventory.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill supports unbinding tags from data assets, which is a state-changing metadata operation, but the documentation does not present a clear user-facing warning that this modifies governance metadata and may affect discovery, classification, policy workflows, or downstream automation. In a data governance context, silent or under-signaled metadata changes are risky because operators may treat the action as harmless cleanup when it can alter compliance or operational controls.

VirusTotal

65/65 vendors flagged this skill as clean.