Alibabacloud Pai Feature Store Featuredb Usage Query

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Alibaba Cloud usage-query skill, but the Aliyun CLI setup it depends on and the cloud credentials it needs deserve care.

Install it only if you trust the Aliyun CLI and are comfortable with its plugin install/update behavior. Use a dedicated RAM user or temporary STS credentials that carry only the documented read-only PAI-FeatureStore permissions. Never paste real access keys into chat, shared shells, or CI logs, and protect any local Aliyun credential profile (for example, keep the config file readable only by your own user).
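One way to follow that advice in practice is to keep the credentials in a file readable only by your user and hand them to a single CLI invocation, without ever exporting them into the interactive shell or putting them on a command line. The script below is an added example, not code from this skill or from the Aliyun CLI. It assumes the CLI reads ALIBABA_CLOUD_ACCESS_KEY_ID, ALIBABA_CLOUD_ACCESS_KEY_SECRET and ALIBABA_CLOUD_SECURITY_TOKEN from its environment (an assumption about the CLI), and the key=value credential-file format, the function names and the placeholder key values are this example's own.

```python
"""Run one Aliyun CLI command with credentials scoped to that single child process.

Added example, not part of the skill or of the Aliyun CLI. It assumes the CLI
reads ALIBABA_CLOUD_ACCESS_KEY_ID / ALIBABA_CLOUD_ACCESS_KEY_SECRET /
ALIBABA_CLOUD_SECURITY_TOKEN from its environment (the env names are an
assumption) and that credentials live in a key=value file readable only by its
owner (the file format is this example's own convention).
"""
import os
import stat
import subprocess
import sys
import tempfile

PYTHON = sys.executable  # stands in for the real `aliyun` binary in the demo below

# Credential-file keys (this example's convention) -> env names the CLI reads (assumed).
ENV_NAMES = {
    "access_key_id": "ALIBABA_CLOUD_ACCESS_KEY_ID",
    "access_key_secret": "ALIBABA_CLOUD_ACCESS_KEY_SECRET",
    "security_token": "ALIBABA_CLOUD_SECURITY_TOKEN",
}
SECRET_ENV_NAMES = ("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "ALIBABA_CLOUD_SECURITY_TOKEN")

# Constructed placeholder values, not real keys.
DEMO_ACCESS_KEY_ID = "LTAI0000000000000000"
DEMO_ACCESS_KEY_SECRET = "notARealSecret000000000000000"
DEMO_SECURITY_TOKEN = "notARealStsToken"


def credential_file_is_private(path):
    """True if path is a regular file with no group/other permission bits set."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return stat.S_ISREG(st.st_mode) and (stat.S_IMODE(st.st_mode) & 0o077) == 0


def load_credentials(path):
    """Parse key=value lines into the environment the child process should receive."""
    env = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            if key.strip() in ENV_NAMES and value.strip():
                env[ENV_NAMES[key.strip()]] = value.strip()
    if "ALIBABA_CLOUD_ACCESS_KEY_ID" not in env or "ALIBABA_CLOUD_ACCESS_KEY_SECRET" not in env:
        raise ValueError(f"{path}: access_key_id and access_key_secret are required")
    return env


def run_with_scoped_credentials(cred_path, argv):
    """Run argv with the credentials in its environment, and in that child's only.

    The parent's os.environ is never touched, so nothing reaches the interactive
    shell, its history, or later unrelated children; the child's command line
    carries no key material, so `ps` and shell history show only the command.
    """
    if not credential_file_is_private(cred_path):
        raise PermissionError(f"{cred_path}: refusing a credential file readable by group/other")
    # Minimal inherited environment: enough to find binaries and a home directory.
    env = {k: os.environ[k] for k in ("PATH", "HOME", "LANG", "TMPDIR", "SYSTEMROOT") if k in os.environ}
    env.update(load_credentials(cred_path))
    return subprocess.run(list(argv), env=env, capture_output=True, text=True)


def secret_in_current_env():
    """True if any secret-bearing variable is set in this (parent) process."""
    return any(name in os.environ for name in SECRET_ENV_NAMES)


def write_demo_credential_file(mode=0o600):
    """Write a constructed credential file in a fresh temp dir and return its path."""
    path = os.path.join(tempfile.mkdtemp(prefix="fs-ro-"), "credentials")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(f"access_key_id={DEMO_ACCESS_KEY_ID}\n")
        fh.write(f"access_key_secret={DEMO_ACCESS_KEY_SECRET}\n")
        fh.write(f"security_token={DEMO_SECURITY_TOKEN}\n")
    os.chmod(path, mode)  # explicit, so a deliberately loose file can also be produced
    return path


if __name__ == "__main__":
    # Stand-in for `aliyun ...`: a child that only reports which key id it received.
    path = write_demo_credential_file()
    probe = [PYTHON, "-c", "import os; print(os.environ['ALIBABA_CLOUD_ACCESS_KEY_ID'])"]
    result = run_with_scoped_credentials(path, probe)
    print("child saw:", result.stdout.strip())
    print("parent leaked secret:", secret_in_current_env())
```

In real use, argv would be the `aliyun` command itself. The CLI process still passes its environment on to anything it spawns, so this scopes the secret to one CLI run rather than to the whole shell session; it does not replace using short-lived STS credentials on a read-only RAM identity.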

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium. Confidence: 95%.

The guide instructs users to install arbitrary Alibaba Cloud product plugins, which materially expands the operational scope beyond the skill's stated purpose of querying FeatureDB usage. In an agent skill context, unnecessary capability expansion increases attack surface and makes privilege creep or unintended service access more likely.

Context-Inappropriate Capability

Severity: Medium. Confidence: 96%.

Documenting elevated and cross-account authentication modes such as RamRoleArn and RamRoleArnWithEcs is unnecessary for a read-oriented usage-query skill and normalizes broader trust boundaries than required. In a skill package, this can encourage overprivileged deployment patterns that, if adopted, enable lateral movement or access to unrelated cloud resources.

Missing User Warnings

Severity: Medium. Confidence: 93%.

The examples place access key material directly on the command line and describe storage in a local config file without nearby warnings about shell history, terminal logging, process inspection, or plaintext secret persistence. These practices can expose long-lived cloud credentials to local users, logs, CI traces, or malware, leading to account compromise.

Missing User Warnings

Severity: Medium. Confidence: 92%.

The document recommends exporting credentials as environment variables without warning that these secrets may leak into child processes, debug output, CI job logs, crash reports, or misconfigured runtime environments. In automation-oriented skill usage, this omission increases the chance of broad credential exposure across systems and tooling.
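The two "Missing User Warnings" findings above describe concrete, greppable patterns: key material in command-line flags, literal secrets in environment exports, and secrets persisted in a plaintext config file. The linter below is an added example that checks a skill document or shell transcript for those patterns; it is not the skill's own code and not SkillSpector's detector. Its patterns are assumptions: that Alibaba Cloud AccessKey IDs begin with "LTAI" (the length range is approximate), that the Aliyun CLI accepts --access-key-secret and --sts-token flags and stores profiles in a JSON file with an "access_key_secret" field, and that the listed environment variable names are ones commonly used to hand credentials to Alibaba Cloud tooling. The sample transcript is constructed, with placeholder values.

```python
"""Lint a skill document or shell transcript for exposed Alibaba Cloud key material.

Added example; not the skill's code and not SkillSpector's detector. The
patterns below are assumptions (see the surrounding text).
"""
import re
from dataclasses import dataclass

# Assumed: AccessKey IDs start with "LTAI"; the length range is approximate.
ACCESS_KEY_ID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,24}\b")
# Assumed Aliyun CLI flag names that take secret values.
CLI_SECRET_FLAG_RE = re.compile(r"--(access-key-secret|sts-token)(?:=|\s+)(\S+)")
# Assumed env names used to hand secrets to Alibaba Cloud tooling.
SECRET_ENV_VARS = ("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "ALIBABA_CLOUD_SECURITY_TOKEN", "ALICLOUD_SECRET_KEY")
ENV_ASSIGN_RE = re.compile(r"(?:^|\s)(export\s+)?(" + "|".join(SECRET_ENV_VARS) + r")=(\S*)")
# Assumed shape of the CLI's JSON profile store.
CONFIG_SECRET_RE = re.compile(r'"access_key_secret"\s*:\s*"([^"]+)"')

# Constructed sample: placeholder values, not real credentials.
SAMPLE_TRANSCRIPT = """\
aliyun configure set --profile fs-ro --mode AK --access-key-id LTAI5tExampleExample01 --access-key-secret s3cr3tS3cr3tS3cr3tS3cr3tS3cr3t
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=s3cr3tS3cr3tS3cr3tS3cr3tS3cr3t
export ALIBABA_CLOUD_ACCESS_KEY_SECRET="$(cat ~/.secrets/fs-ro)"
  "access_key_secret": "s3cr3tS3cr3tS3cr3tS3cr3tS3cr3t",
aliyun configure list
"""


@dataclass
class Finding:
    line: int
    kind: str
    detail: str


def redact(value):
    """Keep a short prefix so the finding is recognisable without re-leaking the secret."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def is_literal(value):
    """A value is a literal secret unless it comes from a variable or command substitution."""
    v = value.strip("\"'")
    return bool(v) and not v.startswith("$") and "`" not in v


def scan_for_exposed_credentials(text):
    """Return findings in line order; each line is checked for all patterns."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            findings.append(Finding(n, "access_key_id",
                                    f"AccessKey ID {redact(m.group(0))} appears in plain text"))
        for m in CLI_SECRET_FLAG_RE.finditer(line):
            # Even a value expanded from a variable ends up in the child's argv (ps, /proc).
            how = "literal; also lands in shell history" if is_literal(m.group(2)) else "expanded from a variable"
            findings.append(Finding(n, "cli_secret_flag",
                                    f"--{m.group(1)} {redact(m.group(2).strip(chr(34)))} on the command line "
                                    f"({how}); visible in process listings"))
        for m in ENV_ASSIGN_RE.finditer(line):
            exported, name, value = m.group(1) is not None, m.group(2), m.group(3).strip("\"'")
            if is_literal(value):
                where = "shell history and logs" + (", and every child process" if exported else "")
                findings.append(Finding(n, "env_secret_literal",
                                        f"{name}={redact(value)} assigned as a literal; reaches {where}"))
            elif exported:
                findings.append(Finding(n, "env_secret_export",
                                        f"{name} exported; inherited by every child process of this shell"))
        for m in CONFIG_SECRET_RE.finditer(line):
            findings.append(Finding(n, "config_secret_literal",
                                    f"access_key_secret {redact(m.group(1))} persisted in a plaintext config file"))
    return findings


if __name__ == "__main__":
    for f in scan_for_exposed_credentials(SAMPLE_TRANSCRIPT):
        print(f"line {f.line}: [{f.kind}] {f.detail}")
```

Line 3 of the sample, which reads the secret from a file via command substitution, is reported only as an export rather than as a literal: the secret is not in history, but it still reaches every process the shell starts afterwards, which is the exposure the fourth finding describes.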

VirusTotal

66/66 vendors flagged this skill as clean.