Alibabacloud Resourcecenter Search

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Alibaba Cloud inventory purpose, but its setup instructions can modify local CLI tooling and plugin behavior in ways users should review first.

Install only if you are comfortable letting an agent use your Alibaba Cloud CLI profile for Resource Center operations. Prefer installing and verifying Aliyun CLI yourself, keep automatic plugin installation disabled unless you deliberately need it, use read-only RAM policies where possible, avoid long-lived access keys in shell commands or logs, and require explicit confirmation before cross-account searches or any disable operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to execute shell commands (`aliyun`, `curl | bash`, plugin updates) but does not declare any permissions or capability boundaries. That creates an execution-trust gap: a reviewer or runtime may underestimate that the skill can modify local tooling, install software, and change CLI configuration on the host. In this context, undeclared shell capability is dangerous because the skill is not merely a read-only inventory lookup; it can change the environment and service state.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file is a general-purpose Alibaba Cloud CLI installation and administration guide, not a narrowly scoped Resource Center search/statistics reference. In the context of an agent skill, broad instructions for configuring credentials, using multiple auth modes, and operating arbitrary services expand the accessible attack surface and can enable actions well beyond the skill’s declared purpose.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The guide documents elevated and cross-account authentication modes such as RamRoleArn and RamRoleArnWithEcs that can facilitate privilege escalation or broad tenant access if an agent is allowed to follow them. For a Resource Center search skill, these capabilities are unnecessary and make misuse more dangerous because they normalize powerful credential setups outside the stated read/search scope.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The plugin section encourages installing arbitrary Alibaba Cloud product plugins such as ECS, VPC, and RDS, which are unrelated to a Resource Center search skill. This broadens the command surface available to an agent or operator and increases the likelihood of unintended or unauthorized actions in other services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document recommends exporting long-lived access keys as environment variables without cautioning that they may leak through shell history, process inspection, CI/CD logs, crash dumps, or inherited subprocess environments. In an agent or automation setting, this is especially risky because secrets can propagate across tools and be exposed outside the intended trust boundary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation includes a service-disabling command with no warning about operational impact, confirmation requirements, or rollback considerations. In an agent skill context, this increases the chance that an automated system or unsuspecting user could disable Resource Center and disrupt inventory/search visibility or dependent workflows.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The cross-account operations are documented without clear warnings about scope, authorization, and privacy implications, which can normalize broad enumeration across an entire Resource Directory. In an agent skill, this is risky because users may invoke wide-scope searches or tag enumeration without understanding that they are querying resources belonging to multiple accounts.

External Script Fetching

High
Category
Supply Chain
Content
> **Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify >= 3.3.3. If not installed or version too low,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to install/update,
> or see `references/cli-installation-guide.md` for installation instructions.
> Then **[MUST]** run `aliyun configure set --auto-plugin-install true` to enable automatic plugin installation.
> Then **[MUST]** run `aliyun plugin update` to ensure that any existing plugins on your local machine are always up-to-date.
Confidence
98% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

VirusTotal

66/66 vendors flagged this skill as clean.
