AlibabaCloud PolarDB-X AI Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud PolarDB-X diagnostic helper: it uses the user's Aliyun CLI profile to call the Alibaba Cloud DAS/YaoChi API, and the scan below raises credential-handling and installer-safety caveats.

Use it only with an Aliyun profile dedicated to PolarDB-X diagnostics, preferably OAuth, STS, or a least-privilege RAM role rather than a long-lived AccessKey. Do not paste real access keys into chat or into logged shell commands, download and review any remote installer before executing it, and keep secrets and highly sensitive production details out of diagnostic prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence (Medium severity, 98% confidence)

The file first forbids entering or echoing credentials in-session, then later provides direct examples using `aliyun configure set --access-key-id ... --access-key-secret ...`. In an agent setting, contradictory guidance increases the chance the model or user will paste long-lived secrets into the shell session, exposing credentials through terminal history, logs, transcripts, or tool telemetry.

Missing User Warnings (Medium severity, 99% confidence)

Piping a remotely fetched script directly into `bash` executes unreviewed code immediately with the user's privileges. If the remote host, CDN path, TLS trust chain, or downloaded content is compromised, the agent could run arbitrary code on the local machine.

Missing User Warnings (Medium severity, 99% confidence)

This example repeats the same unsafe remote-script execution pattern during installation, normalizing direct execution of network content. In an agent workflow, such examples are especially dangerous because they are likely to be executed mechanically rather than reviewed by a human.
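The three findings above describe two textual patterns that a reviewer can check for mechanically before an agent ever executes the skill's instructions: a remote script piped into a shell (including the `bash <(curl ...)` form) and an `aliyun configure set` invocation that passes `--access-key-secret` as a command-line argument. The linter below is an added example, not the skill's own code or part of the SkillSpector scanner; the sample instructions it scans are constructed, and the `example.invalid` URLs are placeholders.

```python
"""Lint a skill's instructions for the two unsafe patterns described in the
findings: piping remotely fetched scripts into a shell, and placing an
AccessKey secret on the `aliyun configure set` command line.
Added example; not the skill's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# `curl ... | bash`, `wget -qO- ... | sudo bash`, `... | sh` and similar.
PIPE_TO_SHELL = re.compile(
    r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+(?:-E\s+)?)?(?:ba|z|da)?sh\b"
)
# `bash <(curl ...)` process substitution: same risk, different syntax.
PROC_SUBST_SHELL = re.compile(r"\b(?:ba|z)?sh\s+<\(\s*(?:curl|wget)\b")
# Any `aliyun configure set` that passes the secret as an argument puts it in
# shell history, process listings and agent transcripts, placeholder or not.
INLINE_SECRET = re.compile(r"\baliyun\s+configure\s+set\b.*--access-key-secret\b")

RULES = (
    ("pipe-to-shell", PIPE_TO_SHELL,
     "download to a file, verify its digest, review it, then run it"),
    ("pipe-to-shell", PROC_SUBST_SHELL,
     "download to a file, verify its digest, review it, then run it"),
    ("inline-access-key-secret", INLINE_SECRET,
     "prefer an STS or RAM-role profile; never pass the secret as an argument"),
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    line: str
    remediation: str


def scan_skill_text(text: str) -> list[Finding]:
    """Return one Finding per (line, rule) match. Lines starting with '#'
    (Markdown headings / shell comments) are not executable and are skipped."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for rule, pattern, remediation in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, rule, line, remediation))
    return findings


# Constructed sample resembling a skill's install/configure instructions.
SAMPLE_SKILL_MD = """\
# Install
curl -fsSL https://example.invalid/install.sh | bash
wget -qO- https://example.invalid/setup.sh | sudo bash
# Safer: fetch to disk first, verify and read it before running
curl -fsSL -o install.sh https://example.invalid/install.sh
# Configure credentials
aliyun configure set --profile polardbx --mode AK --access-key-id ... --access-key-secret ...
aliyun configure set --profile diag --mode StsToken
bash <(curl -fsSL https://example.invalid/bootstrap.sh)
"""

if __name__ == "__main__":
    for f in scan_skill_text(SAMPLE_SKILL_MD):
        print(f"line {f.line_no}: {f.rule}: {f.line}\n    fix: {f.remediation}")
```

Run against the sample, the linter reports lines 2, 3 and 9 as pipe-to-shell and line 7 as an inline secret, while the fetch-to-disk `curl -o` line and the STS-mode profile pass. It flags the `--access-key-secret` flag even with `...` placeholders, because the risk the finding describes is that an agent fills the placeholder with a real value and the command lands in history and transcripts.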

Missing User Warnings (Medium severity, 92% confidence)

The verification procedure instructs the operator to invoke a remote agent using valid Alibaba Cloud credentials, but it does not warn that prompts and related metadata may be transmitted to external services. In a database operations skill, test prompts can easily include instance identifiers, topology details, or operational context, creating an avoidable data exposure risk during verification.

Missing User Warnings (Medium severity, 95% confidence)

This script transmits the user's natural-language query and account-context request data to a remote Alibaba Cloud DAS/YaoChi API using the caller's configured aliyun credentials, but it does not provide an explicit runtime warning or consent prompt before sending potentially sensitive operational data. In a database O&M assistant context, queries may include instance IDs, topology details, diagnostics, or security-related information, so silent network transmission can create confidentiality and privacy risks.
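The two findings above share one fix: show the operator what would leave the machine and send nothing until they agree. The wrapper below is an added example, not the skill's or the DAS/YaoChi client's code. It redacts the identifiers the findings call out (instance IDs, addresses, access-key IDs) from the natural-language query, builds a preview, and refuses to produce a request body without consent. The identifier formats are assumptions: Alibaba Cloud AccessKey IDs are taken to start with `LTAI`, and PolarDB-X instance IDs are taken to look like `pxc-<alphanumeric>`; the request body shape is a stand-in, not the real API schema, and the sample query is constructed.

```python
"""Consent gate and redaction for outbound diagnostic queries.
Added example, not the skill's code. The identifier formats below are
assumptions (AccessKey IDs starting with `LTAI`, instance IDs like
`pxc-<alnum>`); adjust them to your environment."""
from __future__ import annotations

import re
from dataclasses import dataclass

REDACTIONS = (
    ("ACCESS_KEY_ID", re.compile(r"\bLTAI[A-Za-z0-9]{12,24}\b")),
    ("POLARDBX_INSTANCE", re.compile(r"\bpxc-[a-z0-9]{8,}\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
)


class ConsentRequired(Exception):
    """Raised when a query would be transmitted without the user's agreement."""


@dataclass(frozen=True)
class Prepared:
    text: str                  # the text that would actually be sent
    redacted: dict[str, int]   # label -> number of replacements made
    destination: str = "Alibaba Cloud DAS/YaoChi (remote)"


def redact(query: str) -> Prepared:
    """Replace sensitive identifiers with labelled placeholders."""
    counts: dict[str, int] = {}
    text = query
    for label, pattern in REDACTIONS:
        text, n = pattern.subn(f"<{label}>", text)
        if n:
            counts[label] = n
    return Prepared(text, counts)


def preview(query: str) -> str:
    """Human-readable disclosure to show before asking for consent."""
    p = redact(query)
    items = ", ".join(f"{k} x{v}" for k, v in p.redacted.items()) or "none"
    return (f"About to send to {p.destination} using your aliyun profile credentials.\n"
            f"Redacted: {items}\nOutbound text: {p.text}")


def build_request(query: str, *, consent: bool) -> dict[str, str]:
    """Return the request body the skill would POST; refuse without consent.
    The body shape is a stand-in, not the real DAS/YaoChi schema."""
    p = redact(query)
    if not consent:
        raise ConsentRequired(preview(query))
    return {"query": p.text}


# Constructed sample query containing the kinds of details the finding names.
SAMPLE_QUERY = ("Why is pxc-abc12345678 slow since 10.0.3.17 started failing? "
                "my key is LTAI5tExampleKey0001")

if __name__ == "__main__":
    print(preview(SAMPLE_QUERY))
    answer = input("Send the redacted text? [y/N] ").strip().lower()
    try:
        print(build_request(SAMPLE_QUERY, consent=answer == "y"))
    except ConsentRequired:
        print("Nothing sent.")
```

The preview is built from the redacted text, so even the consent prompt and anything that logs it never contain the raw key or instance ID. Redaction runs before the request exists rather than on the wire, which is the property the finding asks for: the operator sees the exact outbound text and the secret never reaches the client library.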

VirusTotal

66/66 vendors reported this skill as clean.
