Alibabacloud Ecs Reboot Or Crash Diagnosis

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for legitimate Alibaba Cloud ECS troubleshooting, but it grants broad remote command power without enough user approval and scoping safeguards.

Install only if you are comfortable letting the agent run commands on the target ECS instance. Use a dedicated least-privilege Alibaba Cloud profile scoped to the intended instance and region, review each generated Cloud Assistant command before execution, and require explicit approval before any package install, bootloader change, service enablement, reboot, or crash dump/log disclosure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The document provides remote command execution instructions via Cloud Assistant and elsewhere includes configuration-changing and reboot steps, but does not prominently warn about operational impact, required authorization, or the risk of service disruption. In an agent skill, this can lead to blindly executing commands on production instances, causing unintended outages or unsafe changes under the guise of diagnostics.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal