Alibabacloud Oos Template Generation

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Alibaba Cloud OOS template generation, but it also carries cloud-mutation and execution guidance (create/update/delete template commands and `start-execution`) that is not scoped to its stated purpose and goes beyond safe template drafting.

Install only if you specifically need Alibaba Cloud OOS help and are comfortable with the agent using an authenticated Aliyun CLI. Review any generated commands before running them, avoid pasting long-lived access keys into shells or logs, grant least-privilege OOS validation permissions where possible, and do not let the agent create, delete, or start OOS executions without explicit target review and confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill gives conflicting instructions about parameter handling: it says all user-customizable parameters must be confirmed, then later says uncertain parameters should be extracted as template parameters and vague requirements should be resolved by reasonable judgment. In an automation-template skill, this can cause generation of templates that target the wrong region, resources, or operations, increasing the chance of unsafe or unintended infrastructure actions.

Intent-Code Divergence

Low
Confidence: 85%
Finding
The workflow tells the agent to introduce template parameters when values are uncertain, but the output rules later forbid adding parameters the user did not request. This inconsistency can lead to either hidden assumptions or omitted safety parameterization, producing templates that are inaccurate or less safe than intended.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is scoped to OOS template generation and validation, but the command reference it ships also documents create/update/delete and execution lifecycle commands. In an agent context, this broadens the reachable action surface from drafting templates to mutating or running real automation, increasing the chance that the agent suggests or invokes operations with side effects beyond the user's intent.

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger list is broad enough to match many generic requests about templates or orchestration, which can cause the skill to activate when the user did not intend Alibaba Cloud OOS-specific automation. Unintended activation matters here because the skill instructs use of local CLI tools, credential checks, plugin changes, and validation workflows that can alter the environment or prompt sensitive operational actions.

Vague Triggers

Medium
Confidence: 77%
Finding
The trigger examples only show when the skill should activate, not when it should stay inactive, leaving activation boundaries ambiguous. In a privileged operations context, ambiguous routing can cause the agent to apply cloud-automation behavior to unrelated requests, increasing the risk of accidental command suggestions or unsafe template generation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide recommends passing access keys and secrets directly on the command line and storing them in the default CLI config file, but does not clearly warn that these values are sensitive and can leak via shell history, CI logs, process listings, or plaintext local storage. In the context of an automation/template-generation skill, users are especially likely to copy-paste these patterns into scripts or agent workflows, increasing credential exposure risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
Documenting `delete-template` without any warning normalizes a destructive operation in a guidance file intended for generation workflows. In an agent-assisted setting, that omission can cause accidental recommendation or execution of irreversible deletion of customer automation assets.

Missing User Warnings

Medium
Confidence: 97%
Finding
The `start-execution` command can trigger real actions against cloud resources, potentially causing outages, configuration drift, or data-impacting operations depending on the template. Presenting it without a warning or confirmation requirement is especially risky because this skill targets orchestration, where execution is the step that turns generated content into real-world side effects.

VirusTotal

63/63 vendors flagged this skill as clean.