Alibabacloud Liverecord Diagnosis

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate Alibaba Cloud live-recording diagnostic guide, but users should handle its CLI setup and credential examples carefully.

Install only if you need Alibaba Cloud Live recording diagnostics. Use a dedicated read-only RAM user or role, configure credentials outside the agent chat, avoid pasting access keys into command lines or transcripts, and check that Aliyun CLI AI mode and plugin settings are left in the state you expect after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill claims to be read-only, but it explicitly changes local CLI state by enabling AI mode and setting a persistent user agent. Even if these are not cloud-side changes, they are still configuration modifications on the operator's machine and can affect later commands, telemetry, or behavior outside this skill. In a security context, inaccurate read-only claims reduce operator awareness and can lead to unintended persistent state changes.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The cleanup section states that no cleanup is required and the skill does not modify configurations, but the workflow earlier performs local CLI configuration changes. This contradiction can leave AI mode or custom user-agent settings in place if execution is interrupted, causing hidden state persistence across future sessions. The danger is amplified because operators may trust the read-only/cleanup claims and not verify or revert local changes.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to pass long-lived access keys directly on the command line, which can expose secrets through shell history, process listings, terminal recordings, or support transcripts. In a diagnostic skill context, users are likely to copy/paste commands while troubleshooting, increasing the chance that real credentials are leaked during debugging or shared logs.

Missing User Warnings

Medium
Confidence: 89%
Finding
Recommending environment variables for credentials in automation without caveats is risky because environment variables can leak to child processes, CI/CD job logs, crash dumps, debug output, and sometimes other local users. In an agent or troubleshooting workflow, operators may print environment state or enable verbose logging, unintentionally disclosing secrets.

Ssd 3

Medium
Confidence: 78%
Finding
Although the values appear to be example placeholders, the documentation normalizes placing access key IDs and secrets inline in commands and config files. This can condition users to paste real secrets into plaintext docs, tickets, chat, or recorded terminal sessions, which is especially risky in a support/diagnostic skill where logs and examples are commonly shared.

VirusTotal

65/65 vendors flagged this skill as clean.
