Alibabacloud Dataworks Data Ops

Security checks across malware telemetry and agentic risk

Overview

This DataWorks helper is mostly coherent, but it needs review because its setup guidance uses risky CLI installation and credential-handling patterns around sensitive cloud credentials.

Review before installing. Avoid the curl-to-bash path unless you independently trust and verify the installer, do not pass access keys on the command line, prefer temporary or least-privilege RAM credentials scoped to DataWorks, and ignore the unrelated ECS/RDS/VPC/FC examples unless you explicitly need those services outside this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch
Severity: Medium
Confidence: 93%
Finding:
The guide expands into installing and exploring broad Alibaba Cloud product plugins such as ECS, VPC, RDS, and FC, which exceeds the declared DataWorks Operations Center scope. In an agent skill context, this unnecessary capability expansion increases the chance the agent or operator will perform unrelated cloud actions, broadening the attack surface and violating least-privilege expectations.

Description-Behavior Mismatch
Severity: Medium
Confidence: 90%
Finding:
Authentication verification and troubleshooting are demonstrated with ECS commands rather than DataWorks-specific operations. This normalizes unrelated cloud-resource access inside a DataWorks-focused skill and could lead users or automation to validate credentials against broader services than necessary, indicating overbroad privileges or encouraging misuse.

Context-Inappropriate Capability
Severity: Medium
Confidence: 88%
Finding:
The file includes generic cloud resource management examples unrelated to DataWorks operations, which is risky in a constrained skill meant for task/workflow operations only. In practice this can blur operational boundaries and encourage granting credentials or installing tooling with much broader permissions than the skill requires.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding:
The skill instructs users to execute a remotely fetched shell script directly via `curl ... | bash`, which bypasses review of the downloaded code and creates a supply-chain execution risk. In a high-privilege cloud operations context, compromise of the distribution endpoint, TLS trust chain, or script content could lead to arbitrary code execution on the operator's machine and theft or misuse of cloud credentials.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding:
The guide shows access keys passed directly on the command line and stored in local configuration without prominently warning that secrets may leak through shell history, process inspection, CI logs, or plaintext files. For an automation-oriented skill, this creates a realistic credential-exposure path that could result in account compromise if operators copy these examples verbatim.

VirusTotal

66/66 vendors flagged this skill as clean.