Alibabacloud Maxframe Video Frame Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is an openly published Alibaba Cloud video-processing scaffold, but users must handle cloud credentials and output-table overwrites carefully: the scan below found credential-embedding instructions, an unenforced path restriction, and unconditional overwrite writes.

Install only if you are building Alibaba Cloud MaxFrame/OSS/ODPS video or image pipelines. Use least-privilege or temporary OSS/ODPS credentials, keep secrets in environment variables or a secret manager, verify output table names before running examples, and prefer versioned or temporary output tables when data loss would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The skill’s safety rules say not to emit access keys or secrets, but later instructions require inline OSS credentials in generated `storage_options` for AI FUNC image fetches. This contradiction can cause generated code to embed long-lived secrets directly into job definitions, logs, notebooks, or source files, creating a clear credential exposure path.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The skill states that no DashScope API key is required, but it still requires OSS access keys/secrets for Stage 0 and later image-access flows. While not inherently malicious, this can mislead users into underestimating secret-handling requirements and increase the chance that sensitive credentials are inserted into scripts or shared insecurely.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The documentation explicitly requires rejecting input paths outside OSS_ROOT, but the sample UDF never enforces that before constructing local_video_path. An attacker or malformed upstream table entry could supply an unexpected path that maps incorrectly into the mounted filesystem, causing reads from unintended locations or writes/processing against the wrong OSS objects.
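A containment check of the kind the documentation calls for, written as an added example rather than the skill's own UDF: it maps an upstream `video_path` to a path under the local mount only after confirming that the object sits inside OSS_ROOT, so `local_video_path` is never built from an unvalidated value. The OSS_ROOT value, the mount point, the row shape and the sample rows are constructed for illustration.

```python
import posixpath

# Constructed example values (not the project's configuration): the real
# skill's OSS_ROOT and mount point are whatever its pipeline defines.
OSS_ROOT = "oss://my-video-bucket/videos/"
LOCAL_MOUNT = "/mnt/oss/my-video-bucket/videos"


class PathOutsideRootError(ValueError):
    """Raised when an input path does not resolve under OSS_ROOT."""


def _split_oss_url(url: str):
    """Split 'oss://bucket/key' into (bucket, key); key may be empty."""
    if not url.startswith("oss://"):
        raise PathOutsideRootError(f"not an oss:// URL: {url!r}")
    bucket, _, key = url[len("oss://"):].partition("/")
    if not bucket:
        raise PathOutsideRootError(f"missing bucket in {url!r}")
    return bucket, key


def _normalize_key(key: str) -> str:
    # Anchor at '/' so '..' can never climb above the bucket, then drop the
    # leading slashes again (posixpath deliberately keeps a leading '//').
    return posixpath.normpath("/" + key).lstrip("/")


def resolve_local_video_path(oss_path, oss_root=OSS_ROOT,
                             local_mount=LOCAL_MOUNT) -> str:
    """Map an input OSS object path to its path under the local mount.

    The object must be in the same bucket as oss_root and, after '..',
    '.' and duplicate-slash normalization, its key must start with the
    root prefix. Anything else raises PathOutsideRootError.
    """
    if not isinstance(oss_path, str):
        raise PathOutsideRootError(f"path is not a string: {oss_path!r}")
    root_bucket, root_key = _split_oss_url(oss_root)
    root_prefix = _normalize_key(root_key)
    if not root_prefix:
        # A bare bucket as root would allow every object; require a prefix.
        raise ValueError("oss_root must include a key prefix")
    bucket, key = _split_oss_url(oss_path)
    if bucket != root_bucket:
        raise PathOutsideRootError(f"bucket {bucket!r} is not the OSS_ROOT bucket")
    norm_key = _normalize_key(key)
    if not norm_key.startswith(root_prefix + "/"):
        raise PathOutsideRootError(f"{oss_path!r} resolves outside {oss_root!r}")
    relative = norm_key[len(root_prefix) + 1:]
    # relative contains no '..' segments after normpath, so the join is safe.
    return posixpath.join(local_mount, relative)


def partition_rows(rows):
    """Split upstream rows into (accepted, rejected) before the UDF runs.

    accepted holds (row, local_video_path); rejected holds (row, reason).
    """
    accepted, rejected = [], []
    for row in rows:
        try:
            accepted.append((row, resolve_local_video_path(row["video_path"])))
        except PathOutsideRootError as exc:
            rejected.append((row, str(exc)))
    return accepted, rejected


# Constructed upstream rows: two legitimate objects and four escape attempts.
SAMPLE_ROWS = [
    {"id": 1, "video_path": "oss://my-video-bucket/videos/clip.mp4"},
    {"id": 2, "video_path": "oss://my-video-bucket/videos/../secrets/key.txt"},
    {"id": 3, "video_path": "oss://other-bucket/videos/clip.mp4"},
    {"id": 4, "video_path": "oss://my-video-bucket/videos-archive/clip.mp4"},
    {"id": 5, "video_path": "/etc/passwd"},
    {"id": 6, "video_path": "oss://my-video-bucket//videos/./sub/clip.mp4"},
]

if __name__ == "__main__":
    ok, bad = partition_rows(SAMPLE_ROWS)
    for row, path in ok:
        print("ACCEPT", row["id"], path)
    for row, why in bad:
        print("REJECT", row["id"], why)
```

Row 4 is the case a plain `startswith` check on the raw string would not catch reliably (`videos-archive` shares the prefix `videos`), and row 6 shows that normalization, not string comparison, decides containment.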

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs users to pass OSS access credentials for image fetches but does not pair that instruction with a strong warning about secret exposure in generated code, notebooks, logs, or telemetry. In a code-generation skill, omission of that warning materially increases the risk of accidental credential leakage and reuse by unauthorized parties.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The verification section makes inline OSS credentials a required output property, effectively normalizing secret embedding as a correctness criterion. That is especially dangerous because it pressures generated outputs to include transferable credentials in plaintext, which can then propagate through repositories, workflow configs, and audit artifacts.
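The credential findings above (inline `storage_options` credentials, the understated secret-handling requirement, and verification that rewards embedded secrets) share one remedy: keep keys out of generated source and check emitted code for literals. The following added example, which is not the skill's code, does both. `storage_options_from_env` builds the options from environment variables, preferring an STS session token so the credential expires instead of living on in notebooks and logs, and `find_inline_credentials` scans generated code for credential literals. The environment variable names, the `storage_options` key names, the regex length bounds and the fake key values are assumptions.

```python
import re
from typing import Mapping

# Heuristics for credential literals in generated code. The LTAI prefix is
# the familiar Alibaba Cloud AccessKey ID shape; the length bounds are an
# assumption, so treat hits as candidates for review rather than proof.
ACCESS_KEY_ID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,20}\b")
# name: "literal"  or  name = "literal"  for the usual OSS credential fields.
CREDENTIAL_ASSIGN_RE = re.compile(
    r"""(?ix)
    ["']?\b(access[_-]?key[_-]?(?:id|secret)|security[_-]?token)\b["']?
    \s*[:=]\s*
    ["']([^"'\s]{8,})["']
    """
)


def find_inline_credentials(source: str) -> list:
    """Return one record per source line that embeds a credential literal.

    Each record is {"line": n, "kinds": [...], "preview": "LTAI…"}; the
    value is truncated so the report itself does not leak the secret.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        kinds, values = [], []
        for m in CREDENTIAL_ASSIGN_RE.finditer(line):
            kinds.append(m.group(1).lower())
            values.append(m.group(2))
        bare_id = ACCESS_KEY_ID_RE.search(line)
        if bare_id and "access_key_id" not in kinds:
            # An AccessKey ID lying around in a comment or a scratch variable.
            kinds.append("accesskey_id_literal")
            values.append(bare_id.group(0))
        if kinds:
            hits.append({"line": lineno, "kinds": kinds,
                         "preview": values[0][:4] + "…"})
    return hits


def storage_options_from_env(env: Mapping[str, str]) -> dict:
    """Build storage_options from the environment instead of literals.

    Variable names and returned keys are assumptions for this example; use
    whatever the pipeline's storage API expects. OSS_SECURITY_TOKEN, when
    present, carries an STS session so the other two values are temporary.
    """
    try:
        opts = {
            "access_key_id": env["OSS_ACCESS_KEY_ID"],
            "access_key_secret": env["OSS_ACCESS_KEY_SECRET"],
            "endpoint": env["OSS_ENDPOINT"],
        }
    except KeyError as missing:
        raise RuntimeError(f"missing credential variable {missing}") from None
    token = env.get("OSS_SECURITY_TOKEN")
    if token:
        opts["security_token"] = token
    return opts


# Constructed samples of generated code; the key values are fake placeholders.
LEAKY_SNIPPET = "\n".join([
    "storage_options = {",
    '    "access_key_id": "LTAI5tEXAMPLEEXAMPLE0000",',
    '    "access_key_secret": "exampleSecretValue0123456789",',
    '    "endpoint": "oss-cn-hangzhou.aliyuncs.com",',
    "}",
])
COMMENT_LEAK = "# scratch: the id is LTAI4gEXAMPLEEXAMPLE"
SAFE_SNIPPET = "storage_options = storage_options_from_env(os.environ)"

if __name__ == "__main__":
    for name, snippet in [("leaky", LEAKY_SNIPPET), ("comment", COMMENT_LEAK),
                          ("safe", SAFE_SNIPPET)]:
        print(name, find_inline_credentials(snippet))
```

Run the scanner over every artifact the generator can emit (scripts, notebooks, job definitions, logs) and fail the pipeline on any hit; a verification step that requires inline credentials should be replaced by one that requires their absence.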

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The job unconditionally writes with overwrite=True, so a misconfigured or attacker-influenced FRAME_OUTPUT_TABLE can destroy existing data without confirmation or safety checks. In a pipeline skill that operates on production ODPS tables, this raises the likelihood of destructive data loss or integrity issues.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The job writes to the destination with overwrite=True, which will destructively replace any existing ODPS table contents every time it runs. In a data-pipeline skill handling image labeling and embeddings, a misconfigured OUTPUT_TABLE or accidental rerun can cause irreversible data loss or corruption of production datasets.
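A pre-write guard that addresses both overwrite findings, added here as an example and not code from the skill: it rejects malformed table names, refuses to overwrite tables on a protected list, and redirects an unconfirmed overwrite of an existing non-temporary table to a timestamped table so a rerun cannot destroy data. The `tmp_` prefix convention, the protected list and the `existing` set (which a real job would look up in ODPS before writing) are assumptions.

```python
import re
from datetime import datetime, timezone
from typing import Optional

TABLE_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
TEMP_PREFIX = "tmp_"  # assumption: scratch tables are named tmp_*
# Constructed list of tables this pipeline must never overwrite.
PROTECTED_TABLES = frozenset({"video_frames_prod", "image_embeddings_prod"})


class UnsafeOverwriteError(RuntimeError):
    """Raised when a write would destroy a protected table."""


def versioned_table_name(base: str, now: Optional[datetime] = None) -> str:
    """Derive a fresh, timestamped table name so existing data is kept."""
    now = now or datetime.now(timezone.utc)
    return f"{base}_{now.strftime('%Y%m%dT%H%M%SZ')}"


def plan_write(table, overwrite, existing, *, confirm_overwrite=False,
               protected=PROTECTED_TABLES, now=None) -> dict:
    """Decide how the job may write to `table` before calling the sink.

    Returns {"table": name, "overwrite": bool, "reason": str}.
      - invalid identifiers are rejected (catches injected or mangled names);
      - protected tables are never overwritten, confirmed or not;
      - overwriting an existing table needs a tmp_ name or an explicit
        confirm_overwrite; otherwise the write goes to a versioned table.
    """
    if not isinstance(table, str) or not TABLE_NAME_RE.match(table):
        raise ValueError(f"invalid table name {table!r}")
    if overwrite and table in protected:
        raise UnsafeOverwriteError(f"refusing to overwrite protected table {table}")
    if not overwrite:
        return {"table": table, "overwrite": False, "reason": "append"}
    if table not in existing:
        return {"table": table, "overwrite": True,
                "reason": "table does not exist yet, nothing to lose"}
    if table.startswith(TEMP_PREFIX) or confirm_overwrite:
        return {"table": table, "overwrite": True,
                "reason": "temporary table or overwrite explicitly confirmed"}
    return {"table": versioned_table_name(table, now), "overwrite": False,
            "reason": f"{table} exists; redirected to a versioned table"}


# Constructed scenario: the tables that already exist in the project.
EXISTING_TABLES = {"video_frames_prod", "image_embeddings_prod",
                   "frames_dev", "tmp_frames"}

if __name__ == "__main__":
    for table in ["tmp_frames", "frames_dev", "frames_new", "video_frames_prod",
                  "frames; drop table x"]:
        try:
            print(table, "->", plan_write(table, True, EXISTING_TABLES))
        except (ValueError, UnsafeOverwriteError) as exc:
            print(table, "-> REFUSED:", exc)
```

The job then writes to `plan["table"]` with `overwrite=plan["overwrite"]` instead of passing `overwrite=True` unconditionally; the `reason` string belongs in the job log so an operator can see why a run landed in a versioned table.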

VirusTotal

61/61 vendors reported this skill as clean (no vendor flagged it as malicious).
