Alibabacloud Domain Manage

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Alibaba Cloud domain lookup skill, but it needs review because it changes local Aliyun CLI setup and can run remote installer/update steps while presenting itself as read-only.

Install only if you are comfortable letting the agent use your configured Alibaba Cloud identity to read domain inventory and details. Prefer a dedicated read-only RAM user or role, install Aliyun CLI through a trusted and verifiable method, review plugin/update and AI-mode commands before they run, and avoid displaying registrant email/name unless needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill presents itself as read-only, but it mandates changing local CLI behavior by enabling auto-plugin installation and updating plugins. These are persistent environment modifications that expand the trusted code base and can alter future command execution, so the read-only framing is materially misleading.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill claims all operations are read-only while requiring AI-mode enable/disable and user-agent configuration changes before and after execution. Even if no cloud resources are modified, these commands change local tool configuration and may affect auditing, telemetry, or later sessions, so the description understates the actual side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly lists `RegistrantName` and `Email` as response fields for domain-detail queries without any guidance to minimize, mask, or warn before displaying them. In an agent skill context, this increases the chance the assistant will surface personal or account-linked data to users by default, creating unnecessary privacy exposure and possible leakage of registrant PII.

External Script Fetching

High
Category
Supply Chain
Content
### Quick Install (All Platforms)

```bash
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
aliyun version
```
Confidence
98% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### Quick Install (All Platforms)

```bash
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
aliyun version
```
Confidence
99% confidence
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.
