Alibabacloud Pts Task

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud PTS automation skill, but it can start real load tests and delete cloud test scenarios, and its safety controls are inconsistent: the documented workflows contradict each other on when confirmation and stop-before-delete are required.

Install only if you intend to let an agent operate Alibaba Cloud PTS. If you do:
  • Run it under a least-privilege RAM role scoped to PTS.
  • Load-test only systems you own or are explicitly authorized to assess.
  • Require a final human confirmation before any start, stop or delete action.
  • Keep it away from production targets unless that is explicitly approved.
  • Do not put real tokens or credentials in scene JSON or in shared debug logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The delete workflow contains conflicting directives: one instruction says to always invoke the delete API unconditionally, another says deletion must not proceed for a running scenario until it has been stopped and has fully halted. In an agentic setting, contradictory safety logic produces unsafe or inconsistent execution: the agent may attempt deletion against an active stress test, or follow whichever branch is more convenient and bypass the intended guardrail.

Intent-Code Divergence

Severity: Low
Confidence: 76%
Finding: The skill's global smart-mode rule says fully specified requests may execute immediately without reconfirmation, while the JMeter start workflow separately requires explicit approval before starting a test. Faced with two rules, an agent may follow the less restrictive one and launch a high-impact load test without the confirmation step the workflow intended.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The documentation includes a realistic-looking token value (`test-token-123`) in `GlobalParameterList`. This normalizes embedding secrets directly in scene definitions and invites copy-paste into real tests. The risk is amplified in a load-testing skill because scene JSON is routinely stored, shared, or logged, so a user who replaces the sample with a production token exposes that credential wherever the scene travels.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The file documents how to create and run PTS stress-testing scenarios against arbitrary target URLs but does not prominently warn that a load test can disrupt the target if it is run without authorization or with excessive concurrency. Because the skill exists specifically to create, start, and delete pressure-test scenarios, omitting authorization and safety guidance raises the chance of misuse against external or production systems.
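A pre-flight check is the control that the missing warning stands in for. The following added example (ours, not part of the skill or the PTS API) walks a scene definition, extracts every target URL with its concurrency, and refuses anything whose host is not on an explicit authorization allowlist or whose concurrency exceeds a cap. The scene layout (`RelationList`, `NodeList`, `Url`, `Concurrency`) is a simplified shape assumed for the example, the allowlist and cap are assumed policy inputs, and the sample scene is constructed.

```python
"""Pre-flight authorization check for a PTS scene before it is created or started.

Added example, not the skill's or the PTS API's code. The scene layout below is a
simplified shape assumed for illustration; the allowlist and cap are assumed policy.
"""
import fnmatch
from urllib.parse import urlsplit

# Assumed policy inputs: hosts this operator may load-test, and a concurrency ceiling.
AUTHORIZED_HOSTS = ["*.staging.example.com", "loadtest.example.com"]
MAX_CONCURRENCY = 200

# Constructed sample scene in the simplified, assumed layout.
SAMPLE_SCENE = {
    "SceneName": "checkout-smoke",
    "RelationList": [
        {
            "NodeList": [
                {"Url": "https://api.staging.example.com/cart", "Concurrency": 50},
                {"Url": "https://api.example.com/checkout", "Concurrency": 500},
            ]
        }
    ],
}


def extract_targets(scene: dict) -> list[tuple[str, int]]:
    """Collect (url, concurrency) for every node in every relation of the scene."""
    targets = []
    for relation in scene.get("RelationList", []):
        for node in relation.get("NodeList", []):
            url = node.get("Url")
            if url:
                targets.append((url, int(node.get("Concurrency", 0))))
    return targets


def host_authorized(host: str, patterns: list[str]) -> bool:
    """Glob match so a single entry can cover a whole staging subdomain."""
    return any(fnmatch.fnmatchcase(host, pattern) for pattern in patterns)


def preflight(scene: dict, authorized=AUTHORIZED_HOSTS, max_concurrency=MAX_CONCURRENCY) -> list[str]:
    """Return policy violations; an empty list means the scene may be created/started."""
    problems = []
    targets = extract_targets(scene)
    if not targets:
        problems.append("scene has no target URLs")
    for url, concurrency in targets:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or not host:
            problems.append(f"{url}: not an http(s) URL with a hostname")
            continue
        if not host_authorized(host, authorized):
            problems.append(f"{url}: host {host} is not on the authorized list")
        if concurrency > max_concurrency:
            problems.append(f"{url}: concurrency {concurrency} exceeds cap {max_concurrency}")
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE_SCENE) or ["ok: scene passes pre-flight"]:
        print(problem)
```

Run the check on the scene before the create or start call and refuse to proceed on any non-empty result; the sample scene fails on its second node twice, once for an unauthorized host and once for concurrency over the cap.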

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The documentation enumerates operational CLI commands that create, start, stop, and delete live PTS and JMeter scenarios, but it does not warn that these actions generate real load against targets or irreversibly remove test assets. For a worker skill whose purpose is to execute concrete PTS operations, the absence of safety warnings and confirmation requirements raises the chance of accidental disruptive testing, service impact, or destructive deletion.
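The two intent-code divergences (the contradictory delete directives and the smart-mode bypass of start confirmation) and the unconfirmed CLI actions in this finding all come down to gating and ordering. The following added example (ours, not code from the skill or from Alibaba Cloud) shows an agent-side guard that asks for human approval before every start, stop or delete regardless of how fully specified the request was, and that resolves the delete contradiction by stopping a running scenario and waiting until it has halted before calling delete. `FakePtsClient` is a constructed in-memory stand-in for the PTS API; its method names are assumptions, not the real SDK.

```python
"""Approval gate and stop-before-delete ordering for an agent driving PTS.

Added example, not the skill's own code. FakePtsClient is a constructed in-memory
stand-in for the PTS API (an assumption; its method names are not the real SDK's).
The gating and ordering logic in Guard is the point and would wrap a real client unchanged.
"""
from dataclasses import dataclass, field
from typing import Callable

RUNNING, STOPPING, HALTED = "running", "stopping", "halted"


class FakePtsClient:
    """Constructed stand-in: a scenario is an id with a status."""

    def __init__(self, scenes: dict[str, str], stuck: bool = False):
        self.scenes = dict(scenes)              # scene_id -> status
        self.calls: list[tuple[str, str]] = []  # record of API calls made
        self.stuck = stuck                      # simulate a stop that never completes

    def status(self, scene_id: str) -> str:
        return self.scenes[scene_id]

    def start(self, scene_id: str) -> None:
        self.calls.append(("start", scene_id))
        self.scenes[scene_id] = RUNNING

    def stop(self, scene_id: str) -> None:
        self.calls.append(("stop", scene_id))
        self.scenes[scene_id] = STOPPING        # stopping is asynchronous

    def poll(self, scene_id: str) -> None:
        """Advance simulated time: a stopping scenario becomes halted."""
        if self.scenes[scene_id] == STOPPING and not self.stuck:
            self.scenes[scene_id] = HALTED

    def delete(self, scene_id: str) -> None:
        self.calls.append(("delete", scene_id))
        del self.scenes[scene_id]


@dataclass
class Guard:
    """Every start/stop/delete goes through a human confirmation, then the client."""

    client: FakePtsClient
    confirm: Callable[[str], bool]           # human approval callback
    max_polls: int = 10                      # how long to wait for a stop to land
    audit: list[str] = field(default_factory=list)

    def _approved(self, action: str, scene_id: str) -> bool:
        # The gate is keyed on the action, not on how fully the request was
        # specified, so a "smart mode" shortcut cannot skip it.
        ok = self.confirm(f"{action} scenario {scene_id}?")
        self.audit.append(f"{action} {scene_id}: {'approved' if ok else 'denied'}")
        return ok

    def start(self, scene_id: str) -> bool:
        if not self._approved("start", scene_id):
            return False
        self.client.start(scene_id)
        return True

    def delete(self, scene_id: str) -> bool:
        if not self._approved("delete", scene_id):
            return False
        if self.client.status(scene_id) == RUNNING:
            # Resolve the contradictory delete directives explicitly: a running
            # scenario is stopped first, and deletion waits until it has halted.
            if not self._approved("stop", scene_id):
                return False
            self.client.stop(scene_id)
        polls = 0
        while self.client.status(scene_id) != HALTED:
            if polls >= self.max_polls:
                self.audit.append(f"delete {scene_id}: aborted, scenario never halted")
                return False
            self.client.poll(scene_id)
            polls += 1
        self.client.delete(scene_id)
        return True


if __name__ == "__main__":
    client = FakePtsClient({"scene-1": RUNNING})
    guard = Guard(client, confirm=lambda prompt: input(prompt + " [y/N] ").lower() == "y")
    print("deleted" if guard.delete("scene-1") else "not deleted", guard.audit)
```

The audit list is the piece worth keeping in a real deployment: it records every prompt and its answer, so a launched or deleted scenario can always be traced back to an explicit approval. The bounded poll loop matters too; without it, a stop that never completes would leave the agent either hanging or, worse, deleting a scenario that is still generating load.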

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The document recommends running with `--log-level debug` and states that the output includes request and response headers and body content, but it does not warn that these logs can capture credentials, tokens, cookies, signed requests, or target payloads. Users of a cloud operations skill will run these commands against real environments, so verbose logs readily leak secrets into terminals, shell history, CI logs, and shared troubleshooting artifacts.
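The token-in-`GlobalParameterList` finding above and this debug-log finding share one mitigation: scrub secrets before a scene or a log leaves the operator's machine. The following added example (ours, not code from the skill or the CLI) redacts sensitive name/value entries and sensitive keys in a scene document, and masks Authorization and Cookie headers, bearer tokens, token-like JSON fields and signature query parameters in a request/response dump. The `ParamName`/`ParamValue` field names, the sample scene and the log lines are constructed assumptions.

```python
"""Redact secrets from a PTS scene document and from --log-level debug output
before either is stored or shared.

Added example, not the skill's or the CLI's code. The sample scene, the
ParamName/ParamValue entry layout and the log lines are constructed assumptions.
"""
import copy
import json
import re

REDACTED = "[REDACTED]"

# Key names whose string values should never appear in a shared artifact.
SENSITIVE_KEY_RE = re.compile(
    r"token|secret|password|passwd|cookie|authorization|api[-_]?key|credential", re.I
)
# Whole header lines in a request/response dump, with an optional "> " / "< " prefix.
HEADER_RE = re.compile(
    r"^(?P<pre>[<>]?[ \t]*)(?P<name>Authorization|Proxy-Authorization|Cookie|Set-Cookie|X-Api-Key)[ \t]*:.*$",
    re.I | re.M,
)
BEARER_RE = re.compile(r"\bBearer[ \t]+[A-Za-z0-9._~+/=-]+", re.I)
JSON_FIELD_RE = re.compile(r'"(?P<key>[^"]*(?:token|secret|password|key)[^"]*)"\s*:\s*"[^"]*"', re.I)
QUERY_RE = re.compile(r"(?P<lead>[?&](?:token|access_token|key|sig|signature)=)[^&\s]+", re.I)

# Constructed sample scene; the first parameter is the kind of value the finding flags.
SAMPLE_SCENE = {
    "SceneName": "checkout-smoke",
    "GlobalParameterList": [
        {"ParamName": "token", "ParamValue": "test-token-123"},
        {"ParamName": "region", "ParamValue": "cn-hangzhou"},
    ],
    "Headers": {"Authorization": "Bearer abc.def.ghi", "Accept": "application/json"},
}

# Constructed debug dump in the shape a verbose HTTP client might print.
SAMPLE_LOG = """\
> POST https://api.staging.example.com/cart?sig=abc123 HTTP/1.1
> Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.sig
> Cookie: session=9f3a2c; theme=dark
> {"user": "alice", "token": "test-token-123"}
< HTTP/1.1 200 OK
< Set-Cookie: session=deadbeef; HttpOnly
"""


def redact_scene(obj):
    """Return a redacted deep copy; the caller's scene is left untouched."""
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            if isinstance(value, str) and SENSITIVE_KEY_RE.search(key):
                out[key] = REDACTED          # e.g. Headers.Authorization
            else:
                out[key] = redact_scene(value)
        # Assumed name/value entry layout for GlobalParameterList items.
        if "ParamName" in out and isinstance(out.get("ParamValue"), str):
            if SENSITIVE_KEY_RE.search(str(out["ParamName"])):
                out["ParamValue"] = REDACTED
        return out
    if isinstance(obj, list):
        return [redact_scene(item) for item in obj]
    return copy.deepcopy(obj)


def redact_log(text: str) -> str:
    """Mask header values, bearer tokens, token-like JSON fields and signed query params."""
    text = HEADER_RE.sub(lambda m: f"{m.group('pre')}{m.group('name')}: {REDACTED}", text)
    text = BEARER_RE.sub(f"Bearer {REDACTED}", text)
    text = JSON_FIELD_RE.sub(lambda m: f'"{m.group("key")}": "{REDACTED}"', text)
    text = QUERY_RE.sub(lambda m: f"{m.group('lead')}{REDACTED}", text)
    return text


if __name__ == "__main__":
    print(json.dumps(redact_scene(SAMPLE_SCENE), indent=2))
    print(redact_log(SAMPLE_LOG))
```

Pipe debug output through `redact_log` before it is pasted into a ticket or captured by CI, and run `redact_scene` on any scene JSON before committing or sharing it. The patterns are deliberately greedy on key names (anything containing "key" or "token"); a false positive costs a masked value, a false negative costs a credential.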

VirusTotal

52/52 vendors flagged this skill as clean.
