Alibabacloud Ddoscoo Intercept Query

Security checks across malware telemetry and agentic risk

Overview

This skill is useful for Alibaba Cloud DDoS troubleshooting, but it also documents commands with broad authority to change live protection settings, together with credential examples that are unsafe; users should review it carefully before installing.

Install only if you intend to let the agent inspect Alibaba Cloud DDoS/SLS data and potentially change DDoS protection settings. Use least-privilege, preferably temporary credentials; do not paste real access keys into command-line examples; and require explicit human approval plus rollback awareness before any enable, disable, delete, modify, config, or overwrite command.
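The approval-and-credential rules above can be enforced in front of the CLI rather than left to the agent's judgement. The wrapper below is an added example written for this page, not code from the scanned skill or from Alibaba Cloud: it classifies each `aliyun` invocation as read-only or mutating from the leading verb of the action (assumed to be hyphenated or CamelCase, as in the `enable-web-access-log-config` and `modify-web-ai-protect-mode` commands the findings cite), refuses any command that carries `--access-key-id`, `--access-key-secret` or `--sts-token` on the command line, and allows a mutation only when a human approver and a rollback plan have been recorded. The `APPROVED_BY` and `ROLLBACK_PLAN` variables, the `run_gated` name and the verb lists are this wrapper's own conventions, not part of the aliyun CLI.

```shell
# Approval gate for agent-issued aliyun DDoS commands. Added example for this
# page, not code from the scanned skill. Assumptions: the skill invokes the CLI
# as  aliyun <product> <action> [flags...]  where <product> is ddoscoo or
# configure and <action> is a verb phrase such as describe-web-rules or
# enable-web-access-log-config (hyphenated or CamelCase); the leading verb
# decides read vs. write. --access-key-id, --access-key-secret and --sts-token
# are aliyun CLI credential flags; their presence on argv is treated as a leak
# whatever the value. APPROVED_BY and ROLLBACK_PLAN are this wrapper's own
# convention for recording human approval before a mutation.

# classify_action ACTION -> prints READ, MUTATE or UNKNOWN (case-insensitive).
classify_action() {
    verb=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$verb" in
        describe*|query*|list*|get*|search*) echo READ ;;
        enable*|disable*|delete*|modify*|config*|create*|set*|overwrite*|add*|remove*|update*) echo MUTATE ;;
        *) echo UNKNOWN ;;
    esac
}

# gate_aliyun aliyun <product> <action> [flags...]
# Prints one decision line and returns: 0 allowed, 2 credential on argv,
# 3 mutation without recorded approval, 4 unclassified or non-aliyun command.
# It never executes the command itself.
gate_aliyun() {
    # Secrets must come from a credential helper or STS profile, never argv:
    # argv is visible in shell history, `ps`, terminal logs and CI output.
    for arg in "$@"; do
        case "$arg" in
            --access-key-id|--access-key-id=*|--access-key-secret|--access-key-secret=*|--sts-token|--sts-token=*)
                echo "DENY credential on command line: $arg" >&2; return 2 ;;
        esac
    done
    [ "$1" = aliyun ] || { echo "DENY not an aliyun command: $1" >&2; return 4; }
    product=$2; action=$3
    if [ "$product" = configure ]; then
        # `aliyun configure list` only reads; `configure set ...` rewrites CLI
        # state (e.g. --auto-plugin-install) and is gated like a mutation.
        if [ "$action" = list ]; then kind=READ; else kind=MUTATE; fi
    else
        kind=$(classify_action "$action")
    fi
    case "$kind" in
        READ)
            echo "ALLOW read: $product $action"; return 0 ;;
        MUTATE)
            # A mutation needs a named approver and a rollback plan on record.
            if [ -z "${APPROVED_BY:-}" ] || [ -z "${ROLLBACK_PLAN:-}" ]; then
                echo "DENY mutation without APPROVED_BY and ROLLBACK_PLAN: $product $action" >&2; return 3
            fi
            echo "ALLOW mutate: $product $action (approved by $APPROVED_BY; rollback: $ROLLBACK_PLAN)"; return 0 ;;
        *)
            echo "DENY unclassified action: $product $action" >&2; return 4 ;;
    esac
}

# run_gated: what the agent should call instead of aliyun directly.
# Example: run_gated aliyun ddoscoo describe-web-rules --PageSize 10
run_gated() { gate_aliyun "$@" && "$@"; }
```

Unknown verbs are denied rather than allowed, so a new or unusual action has to be classified deliberately before an agent can run it; that default is what keeps "query-only" from silently drifting into administration.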

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
Although presented as an intercept-query tool, the workflow includes `enable-web-access-log-config`, which changes production logging configuration. A user invoking what appears to be a diagnostic skill could unintentionally authorize a state-changing operation with cost, privacy, and operational consequences.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The documentation expands beyond investigation into disabling CC rules and precise access controls, which are active defensive controls. If followed automatically or with weak confirmation, the skill could reduce protection coverage and expose applications to malicious traffic under the guise of support troubleshooting.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The cleanup section claims the skill is read-only by default even though earlier sections instruct configuration changes such as enabling logs and disabling rules. This mismatch can mislead reviewers and users, causing underestimation of risk and accidental approval of state-changing actions.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The skill is described as an intercept/block query aid, but this reference file contains broad state-changing and destructive administrative operations including creating, deleting, disabling, and reconfiguring DDoS protections. That scope expansion is dangerous because an agent using this reference could be induced to weaken or remove active defenses instead of only investigating a block event.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding
The documented capabilities materially exceed the stated purpose of querying intercept reasons, exposing administrative control over CC, ACL, AI protection, global rules, IP lists, and region blocking. In an agent setting, unjustified excess capability increases the chance of prompt-induced misconfiguration, privilege misuse, or accidental service exposure.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill is described as an intercept-query/investigation tool, but the documented commands include state-changing operations such as enabling logs, disabling/enabling CC rules, and modifying precise access control switches. This expands the capability from read-only diagnosis to active security-control changes, creating a risk of accidental weakening of DDoS protections or unauthorized configuration drift if the agent executes them during troubleshooting.

Context-Inappropriate Capability

Severity: Low
Confidence: 87%
Finding
The inclusion of credential/configuration commands like `aliyun configure set --auto-plugin-install true`, `aliyun configure list`, and plugin update operations is not necessary for a narrow intercept-query workflow. These commands can alter the CLI environment, enable automatic installation behavior, and broaden operational scope beyond investigation, increasing the chance of unintended system changes or abuse in a privileged execution context.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The reference documentation for a query-only investigation skill includes `modify-web-ai-protect-mode`, which is a state-changing command rather than a read-only query. In an agent setting, documenting a mutating command can cause the model or operator to invoke it during troubleshooting, turning a forensic workflow into an administrative one and risking unintended protection changes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The guide includes commands with access key ID and secret directly on the command line. Even as examples, this normalizes an unsafe practice because shell history, process listings, terminal logging, screenshots, and CI logs can expose long-lived credentials if users paste real values into these commands.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The document recommends storing long-lived access keys in environment variables and in the CLI config file without clearly warning about persistence and leakage risk. In CI/CD, shared shells, container environments, crash dumps, and local filesystem backups, these values may be retained or exposed longer than intended.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
These CC rule creation, deletion, and global switch commands can directly change enforcement behavior or disable protections, yet the documentation does not require explicit user confirmation or warn about the consequences. In an agent workflow, omission of such safeguards makes accidental outages, bypasses, or reduced protection more likely.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
ACL deletion and disablement can remove access controls that actively protect an application, but the file presents them as ordinary operational steps without highlighting the security impact. This increases the risk that an agent or operator will disable protections while troubleshooting a single block incident.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The AI, global, IP-set, and region-block commands alter core protective controls, and some are full-overwrite operations that can unintentionally erase existing allow/deny configurations. Without prominent warnings and confirmation requirements, an agent could cause broad loss of protection or traffic disruption through a single mistaken command.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The markdown presents state-changing DDoS commands alongside query commands without prominent warnings, approval requirements, or distinction between safe read-only actions and risky mutations. In an agent skill context, this can normalize or encourage execution of commands that disable protections or alter traffic-filtering behavior during an investigation, leading to reduced defenses or service exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
