Alibabacloud Hologres Instance Manage

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed, read-only Alibaba Cloud Hologres helper, with normal cloud-credential and CLI-installation cautions.

Install only if you are comfortable using Aliyun CLI on this machine. Prefer a least-privilege RAM role or temporary STS credentials limited to Hologres read-only access, configure secrets outside the agent session, review any curl-to-bash installer before running it, and understand that enabling automatic plugin installation changes future Aliyun CLI behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The guide explicitly demonstrates configuring long-lived Access Key credentials and states that configuration is stored in ~/.aliyun/config.json, which can lead users to persist highly sensitive secrets on disk. In an agent/automation context, this increases exposure through local compromise, accidental backup/sync leakage, shell history reuse, or misuse of over-privileged static credentials.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal