Alibabacloud Polardb Ai Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill presents itself as an Alibaba Cloud PolarDB diagnostic assistant, but users should treat its cloud credentials and CLI configuration steps carefully.

Install only if you are comfortable letting this skill use your Alibaba Cloud CLI profile to send PolarDB diagnostic queries to Alibaba Cloud DAS/YaoChi. Use a least-privilege RAM profile, avoid root or broad production credentials, verify installer URLs before running remote scripts, do not paste secrets into commands or prompts, redact CLI configuration output, and confirm AI-mode is disabled after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 81%
Finding:
The document says no cleanup is required, but earlier instructions require disabling AI-mode before every exit. If cleanup is skipped, AI-mode may remain enabled beyond the intended session, changing later CLI behavior and potentially exposing subsequent commands or sessions to unintended agent-mode execution.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill instructs users to pipe a remotely fetched script directly into `bash` without any integrity verification or clear warning. If the remote host, transport, CDN, or upstream script is compromised, arbitrary code executes immediately on the local machine with the user's privileges.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The guide demonstrates passing long-lived access key credentials directly on the shell command line, which can expose secrets through shell history, terminal logging, process listings, audit tooling, and CI job output. In the context of a cloud-management skill for PolarDB and other Alibaba Cloud resources, credential compromise can enable unauthorized access to production infrastructure and data.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The document recommends exporting credentials as environment variables without warning that environment variables are inherited by subprocesses and may be exposed in CI logs, crash reports, debug output, or container/task metadata. Because this skill is intended for operational automation, users are especially likely to use these patterns in scripts and pipelines where accidental secret disclosure is common.

Missing User Warnings

Severity: Low
Confidence: 96%
Finding:
The verification guide instructs users to run `aliyun configure get`, which can display profile and authentication-related configuration without any warning about handling sensitive output safely. In a cloud administration skill focused on PolarDB operations, this increases the chance that users expose access key metadata, account identifiers, or other credential-adjacent information in logs, screenshots, shared terminals, or copied debugging output.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The script prints the full user query to stderr before execution, which can expose sensitive operational data typed by users, such as cluster identifiers, connection details, SQL text, incident context, or credentials mistakenly pasted into the prompt. In enterprise environments, stderr is often captured by terminal logs, CI/CD logs, shell history wrappers, or support tooling, so this creates an avoidable local disclosure risk.

VirusTotal

VirusTotal findings are pending for this skill version.