Alibabacloud Migrate

Security checks across malware telemetry and agentic risk

Overview

This cloud-migration skill is not malware, but it needs review because parts of it move beyond code generation into operational cloud-change guidance and weaken its approval gate.

Install only if you are comfortable letting an agent inspect Terraform, tfvars, and tfstate files and write migration artifacts. Use it on a copy or a scoped workspace, and review all generated Terraform and guides manually. Do not let it run terraform apply or destroy resources for you, and treat DNS changes, workload moves, public endpoints, and source-resource decommissioning as separate, human-reviewed operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill metadata explicitly says it is limited to code generation and should not guide deployment, DNS cutover, or live migration operations. This section instructs operational actions such as verifying running resources, updating DNS, and decommissioning old infrastructure, which can push an agent beyond safe planning into real-world change management with outage risk.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The guidance recommends migrating AKS workloads to ACK using kubectl, which is a live cluster administration action rather than assessment or Terraform generation. In an agent skill, this broadens scope from code generation into direct workload migration procedures, increasing the chance of unsafe or unauthorized production changes.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
Telling users to decommission Azure resources after validation introduces destructive guidance without requiring staged approvals, backups, rollback plans, or explicit confirmation gates. In a migration context, premature teardown can cause irreversible downtime or data loss if hidden dependencies remain.

Ssd 4

Severity: Medium
Confidence: 95%
Finding
The skill defines a path where text in the initial prompt is treated as sufficient approval to bypass a later explicit confirmation checkpoint. This weakens an intended safety control and enables code generation to proceed without a contemporaneous user confirmation, increasing the chance of unintended or manipulated actions if the initial request is ambiguous or prompt-injected.

Ssd 1

Severity: High
Confidence: 98%
Finding
This section explicitly reframes bypassing a hard approval gate as acceptable when certain phrases appear in the initial request, and instructs the agent to mark approval as granted on the user's behalf. In a code-generation workflow for infrastructure, that erodes human-in-the-loop protection and creates a clear policy bypass that could be abused by prompt injection, misinterpretation, or accidental wording to generate high-impact Terraform changes without fresh consent.

VirusTotal

VirusTotal findings are pending for this skill version.