ClawHub

Alibabacloud Dts Task Query

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Alibaba Cloud DTS reporting skill, but it can expose broad cloud task metadata if run without filters.

Install only if you are comfortable letting the agent use your Aliyun CLI credentials to read DTS task metadata, potentially across all supported regions. Prefer a least-privilege RAM policy limited to dts:DescribeDtsJobs, review the AI-Mode and plugin-update setup steps before running them, and use --region, --instance-id, or --job-name when you do not need a full account-wide inventory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
82% confidence
Finding
Broad invocation guidance increases the chance that normal conversation about migration or task counts triggers the skill unintentionally. Because this skill performs cross-region cloud enumeration, accidental activation can expose operational inventory and generate unnecessary cloud API activity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill does not prominently warn users that it queries all regions and writes raw DTS data to temporary local files, which are both privacy- and scope-relevant behaviors. In a cloud environment, task metadata can reveal infrastructure layout, naming conventions, and migration activity, so hidden collection and storage raise the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script writes raw DTS task metadata to a local temporary JSON file before presenting results, which can expose sensitive infrastructure details such as task names, instance IDs, regions, and statuses if the host is shared, monitored, or backed up. Although mkstemp creates the file securely, the persistence is implicit and unnecessary from a least-data-retention perspective, increasing confidentiality risk in operational environments.

Ssd 3

Medium
Confidence
94% confidence
Finding
The repeated insistence on reproducing complete script output with no omission pressures the agent to disclose every returned DTS record, regardless of sensitivity or user need. In this context, full cloud task inventories can reveal region presence, task names, IDs, statuses, and timelines that may aid reconnaissance or leak internal operational details.

Ssd 3

Medium
Confidence
95% confidence
Finding
Mandatory rules to always list all tasks and never summarize remove any opportunity for data minimization. That is dangerous because the skill is expressly designed to enumerate tasks across many regions, making it easy to dump a complete operational inventory into the model response.

Ssd 3

Medium
Confidence
95% confidence
Finding
The workflow and guarantee language explicitly direct the system to print the entire collected dataset exactly, reinforcing bulk disclosure of all task records. Because the skill also stores raw JSON locally before formatting, this end-to-end design compounds the exposure risk from collection through output.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal