Alibabacloud Icpba Sucessdata Query

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated Alibaba Cloud filing query, but it needs review because it uses cloud credentials, installs or updates provider tooling, prints sensitive filing details, and includes IAM setup commands that go beyond a read-only query.

Install only if you intentionally want an agent to use an Alibaba Cloud profile to read ICP filing success and risk data. Use a dedicated least-privilege RAM role or user limited to beian:QuerySuccessIcpData, avoid root or broad admin credentials, do not paste access keys into commands, avoid logging full results, and do not run the RAM policy creation or attachment examples unless you are deliberately performing administrator setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The documentation states the skill is read-only and follows least privilege, but it also includes a Python example that performs the RAM CreatePolicy operation, which is a privileged write action. This mismatch can mislead operators into granting or automating IAM changes in the context of a simple data-query skill, expanding the blast radius beyond the stated purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
A filing-data query skill should only need instructions for calling the query API, but this file embeds capability and sample code to create and attach RAM policies, which are IAM administration functions outside the skill's core purpose. Including IAM-management workflows in the skill increases the chance that users or agents with broader credentials will make unintended authorization changes, especially if they treat the skill as safe and read-only.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The guide demonstrates passing long-lived AccessKey credentials directly as command-line arguments, which can leak via shell history, process listings, terminal recording, or CI job logs. In an agent or automation context, this is more dangerous because commands may be logged automatically and replayed across systems.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
Recommending environment variables for credentials without warning about leakage risks is unsafe, especially in CI/CD and agent-driven automation where environment values can be inherited by child processes, exposed in debug output, crash dumps, or misconfigured build logs. While environment variables are common, presenting them as the recommended approach without caveats can lead to credential disclosure.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding:
The documentation explicitly promotes automatic credential discovery and SDK-based API calls, which will cause local credentials and query data to be sent to Alibaba Cloud services when used. In a skill context, failing to warn users that cloud credentials may be sourced automatically from the environment, credential files, instance roles, or STS increases the risk of unintended data access and external transmission, especially in shared or privileged runtime environments.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documentation explicitly covers retrieval of potentially sensitive filing data, including entity names, domains, app information, risk alerts, and responsible-person names, but provides no privacy, authorization, or data-handling warnings. In a skill context, this omission can normalize bulk access, display, or onward disclosure of personal and regulated business data without validating lawful purpose or least-privilege use.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The verification examples print ICP filing details such as entity names, responsible person names, website/app identifiers, domains, and risk data directly to stdout. In real deployments, console output is commonly captured by CI logs, terminals, and centralized logging systems, which can expose sensitive business and personal information to unintended viewers.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The script makes an authenticated outbound API call using ambient Alibaba Cloud credentials without any explicit runtime notice or consent step. In an agent/skill context, this can surprise users, trigger unintended credential use, and transmit potentially sensitive ICP filing and risk data to a remote service without clear operator awareness.

External Script Fetching

Severity: High
Category: Supply Chain
Confidence: 97%
Content (quoted from the skill):
**Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify >= 3.3.3. If not installed or version too low,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to install/update,
> or see `references/cli-installation-guide.md` for installation instructions.

**Pre-check: Aliyun CLI plugin update required**
Finding (flagged line):
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

VirusTotal

65/65 vendors flagged this skill as clean.
