ClawHub

Alibabacloud Rds Mysql Inspection

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud RDS MySQL inspection tool that reads cloud health data and writes local HTML reports, with no artifact-backed evidence of deception, exfiltration, or destructive behavior.

Install only if you intend to let the agent inspect Alibaba Cloud RDS MySQL inventory using your Aliyun CLI profile. Prefer a least-privilege RAM policy scoped to needed regions or instances, confirm any all-instance scan, and store or delete the generated HTML reports carefully because they may contain infrastructure metadata and SQL details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger list includes broad phrases such as generic inspection and analysis terms, which can cause the skill to activate for requests beyond the user's intended scope. In an agent setting, overbroad activation can lead to unintended cloud-wide enumeration, API usage, and report generation against many RDS instances.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The description does not prominently warn that the skill generates multiple HTML files on local disk, including per-instance reports and a summary. This can surprise users, leak sensitive infrastructure metadata to shared workstations, and create persistent artifacts containing instance inventory, alerts, and performance information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes rich HTML reports containing sensitive infrastructure metadata, alert history, SQL templates, database names, node IDs, VPC/VSwitch identifiers, and operational health details to local files without access controls, redaction, or prominent sensitivity warnings. If those reports are shared, uploaded, or stored in weakly protected locations, they can materially aid lateral movement, reconnaissance, and disclosure of sensitive query/business data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal