Alibabacloud Ddos Native Intercept Query

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a read-only Alibaba Cloud DDoS troubleshooting guide, but it requires persistent local CLI/plugin changes and gives risky credential-configuration examples that users should review first.

Install only if you are comfortable with this skill changing local Aliyun CLI/plugin state and reading Alibaba Cloud DDoS configuration data through your selected profile. Use a least-privilege RAM role or short-lived STS credentials, avoid pasting real access keys into command lines or chat, review plugin updates before running them, and verify `aliyun configure ai-mode disable` after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill claims to be strictly read-only, yet it instructs execution of `aliyun configure set --auto-plugin-install true` and `aliyun plugin update`, which change local CLI configuration and installed components. This can alter the execution environment, introduce unreviewed code via plugin updates, and violate user expectations about non-mutating behavior.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
Mandatory AI-mode enable/disable commands modify local CLI state despite the skill's strict read-only claim. While less severe than cloud-side writes, this still changes the operator environment and may persist if cleanup fails, creating audit, privacy, or behavior changes for subsequent commands.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide shows non-interactive CLI commands with secrets passed directly as command-line arguments. In real environments, those values can be exposed through shell history, CI/CD logs, copied transcripts, and sometimes process inspection, which creates a practical credential leakage risk even though the document is instructional.

VirusTotal

64/64 vendors flagged this skill as clean.
