Alibabacloud Emas Apm Query

Security checks across malware telemetry and agentic risk

Overview

This is a coherent read-only Alibaba Cloud EMAS APM troubleshooting skill, but its outputs can contain sensitive crash, device, user, and business-log data.

Install only if you are comfortable letting the agent use your Aliyun CLI profile to read EMAS APM data and inspect the current app workspace. Use a dedicated read-only RAM profile, keep time ranges and sample sizes narrow, avoid DEBUG logs unless necessary, redact identifiers before sharing reports, and delete the generated emas-apm-dig-* directories after troubleshooting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs users to fetch and persist detailed crash samples that can contain personal and sensitive operational data such as client IP, user identifiers, device identifiers, business logs, page paths, and raw crash reports. It also recommends dumping full responses to disk without any guidance on minimization, redaction, access controls, retention, or safe handling, which increases the risk of privacy exposure and secondary leakage through local files, logs, or shared artifacts.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation explicitly recommends `--log-level DEBUG` and notes that it includes HTTP bodies, but it does not warn that those bodies may contain sensitive diagnostic payloads, identifiers, stack traces, app metadata, or request parameters. In an APM troubleshooting skill, operators may copy-paste this command into shared terminals, CI logs, tickets, or chat, causing unintended disclosure of production telemetry or identifiers.

Missing User Warnings

Medium
Confidence: 84%
Finding
The workflow explicitly tells the skill to inspect and surface developer-injected diagnostic fields like CustomInfo and AdditionalCustomInfo, noting they often contain user-state data such as login state, channel, and AB test bucket. Without minimization, masking, or a privacy warning, the skill may expose sensitive or linkable user context in reports, increasing the risk of unintended disclosure to operators, logs, or downstream tools.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script stores raw API responses, including device identifiers such as `Did`, `Utdid`, UUIDs, location metadata, exception messages, backtraces, and event logs, into local files under a predictable output directory without any consent prompt, masking, or permission hardening. In a troubleshooting skill this is contextually relevant data, but it still increases the risk of unintended sensitive-data exposure through shared workspaces, weak filesystem permissions, backups, or accidental report distribution.

VirusTotal

66/66 vendors flagged this skill as clean.
