ClawHub

Alibabacloud Ddos Security Monitor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud DDoS inspection skill, but it needs review because it can run risky CLI setup commands, change local CLI settings, and broadly query account security data.

Install only if you intentionally want an agent to use your Aliyun CLI profile to inspect Alibaba Cloud DDoS resources. Prefer a dedicated least-privilege RAM account, avoid the pipe-to-bash installer unless you have verified the source, review the exact regions/products before execution, and check your Aliyun CLI plugin and AI-mode settings afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes broad phrases such as "security check" and "traffic anomaly," which can match many unrelated user requests and cause this credential-backed cloud inspection skill to activate unexpectedly. In this context, accidental invocation is more dangerous because the skill is designed to enumerate account assets and query sensitive security telemetry via authenticated CLI calls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description does not clearly warn users that execution will access authenticated Alibaba Cloud account inventory, DDoS instance metadata, and security event telemetry. Without an upfront disclosure, users may trigger the skill without understanding that it performs credential-backed inspection of potentially sensitive operational and security data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide recommends executing a network-fetched installer directly with `bash` on both macOS and Linux without any warning to review the script first or verify its integrity. If the remote host, CDN path, or delivery chain is compromised, users could immediately execute attacker-controlled code on their systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The verification steps instruct execution of live Alibaba Cloud CLI commands using whatever credentials are configured locally, causing remote API access against the user's account without an explicit warning or consent checkpoint. In a security-inspection skill this may be functionally relevant, but it still creates risk of unexpected account enumeration, audit-log generation, and exposure of resource metadata.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The workflow instructs `aliyun configure ai-mode disable` on abort and final exit, which modifies the user's local CLI configuration without explicit notice or approval. Changing local configuration as a side effect of verification can disrupt other workflows, violate user expectations, and create a persistent state change unrelated to simply reading security telemetry.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The mandatory traversal language requires cross-region and cross-product enumeration, including probe calls even when no instances are expected, without warning that broad account-wide discovery will occur. In the context of a DDoS monitoring skill this behavior is aligned with the feature goal, but it still increases sensitivity because it can collect extensive inventory metadata, incur operational noise, and surprise users who expected a narrower scoped check.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Recommended: One-click install script
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

# Or use Homebrew
brew install aliyun-cli
Confidence
98% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
```bash
# One-click install script
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
```

## Windows
Confidence
98% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Recommended: One-click install script
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

# Or use Homebrew
brew install aliyun-cli
Confidence
97% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# One-click install script
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
```

## Windows
Confidence
97% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal