Alibabacloud Maxcompute Migration Service

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MaxCompute migration helper, but it should be used only with carefully scoped cloud credentials because it can affect real migration jobs and data access.

Install only if you intend to manage real Alibaba Cloud MaxCompute migrations. Use a dedicated least-privilege RAM profile, avoid broad FullAccess/admin grants unless temporarily approved, never paste secrets into chat or shared terminals, verify every region/source/job ID before approving actions, and confirm Aliyun CLI AI-mode and auto-plugin settings match your environment after the workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (95% confidence)
Finding
The trigger list contains broad generic terms such as '扫描' (scan), '定时器' (timer), '迁移状态' (migration status), '迁移进度' (migration progress), and '跨地域' (cross-region) that are not uniquely tied to MaxCompute Migration Service. This can cause unintended skill invocation in unrelated contexts, potentially leading the agent to request or operate on migration-sensitive resources when the user meant something else.

Missing User Warnings

Medium (94% confidence)
Finding
The guide instructs users to configure the CLI with long-lived AccessKey credentials directly on the command line and via environment variables, but it does not warn that secrets entered this way may be exposed through shell history, process listings, logs, or inherited environments. In a migration service context, these credentials may grant broad access to cloud resources and data movement operations, increasing the consequences of credential leakage.

Missing User Warnings

Medium (90% confidence)
Finding
The document explicitly recommends coarse-grained authorization such as granting the admin role or ALL privileges to the MMS service-linked role, without strong least-privilege guidance, scope constraints, or warnings about the resulting access to project data and objects. In a migration service context this can normalize overprivileged deployments, increasing blast radius if the role is misused, compromised, or later reused beyond the intended migration workflow.

Missing User Warnings

Medium (88% confidence)
Finding
The documentation presents `create-mms-job` as a normal command while noting only afterward that creation automatically starts execution. In a migration skill, that behavior can trigger immediate data movement, compute usage, and changes to production workflows if a user or agent invokes it without an explicit pre-execution warning or confirmation step.

Missing User Warnings

Medium (84% confidence)
Finding
The file documents stop, retry, and delete job-control commands without clear cautionary language about service disruption, repeated data movement, or irreversible loss of job configuration/history. In the context of a migration operations skill, these commands act on live jobs and could interrupt business processes or cause unintended reruns if surfaced casually by an agent.

VirusTotal

64/64 vendors flagged this skill as clean.
