Alibabacloud Sas Install Agent

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Alibaba Cloud security-agent purpose, but it needs review because it can run privileged installs and scans on servers with incomplete confirmation gates.

Review before installing. Use this only for Alibaba Cloud accounts and servers you control, with least-privilege RAM credentials or temporary roles. Require explicit confirmation before any agent install, Cloud Assistant run-command, authorization change, paid feature change, uninstall, or scan dispatch. Prefer verified package installation over curl-to-bash, verify installer sources where possible, and watch for persistent agents, local CLI config changes, and possible billing impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The guide instructs users to download and immediately execute a remote installer script/binary as an administrator, but does not include strong warnings about the trust boundary, integrity verification, or the risks of elevated execution. If the download source, DNS path, console-supplied command, or transport chain were compromised, this would enable full host compromise with root/Administrator privileges.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This documentation includes a concrete remote-command example that downloads and executes an installation script on target ECS instances via Cloud Assistant, but it does not require an explicit confirmation, scope check, or safety warning before performing code execution on remote hosts. In a skill specifically designed to onboard and manage security agents, this materially increases the chance of unintended fleet-wide command execution or misuse against the wrong instances, especially when combined with region/instance selection logic and automation.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The guide demonstrates passing long-lived access keys directly on the command line, which commonly exposes secrets via shell history, process listings, CI logs, and plaintext storage in ~/.aliyun/config.json. Although the document later mentions not committing credentials and securing the config file, it does not clearly warn at the point of use that these examples can leak secrets during normal administration workflows.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
This section instructs users to download and execute installer binaries/scripts with administrator or root privileges, including remote dispatch via Cloud Assistant, but provides minimal warning about the resulting system changes and trust implications. In a security-agent installation skill this behavior is expected, yet it is still risky because it causes privileged code execution on target hosts and could lead to compromise or unintended changes if commands, domains, or install codes are wrong or tampered with.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content
3. Trigger new scans — two distinct modes:
   - **Targeted scan** (specific server): Use `modify-push-all-task` with the target UUID for ALL scan types (vulnerability + baseline + fingerprint). **NEVER use `modify-start-vul-scan` for targeted scans.**
   - **Full scan** (all servers): Use `modify-start-vul-scan` (vulnerability), `exec-strategy` (baseline), `generate-once-task` (fingerprint), `create-virus-scan-once-task` (virus)
4. For targeted asset scans, automatically execute prerequisite chain: authorization check -> client check -> auto-install -> dispatch scan + virus scan
5. After dispatching, poll progress: vulnerability scan (describe-once-task), baseline check (describe-strategy.ExecStatus), virus scan (get-virus-scan-latest-task-statistic); query risk results after all complete

**Key constraints**:
Confidence: 91%
Finding
automatically execute

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content
**Procedure**:
1. Obtain install command (via console or API `describe-install-codes` / `add-install-code`)
2. Select the corresponding command based on server OS and network access method
3. Log into the server and execute the command with admin privileges

> Install code (`-k=` parameter) is obtained via the describe-install-codes API. Different access methods correspond to different install codes.
Confidence: 90%
Finding
execute the command with admin

External Script Fetching

Severity: High
Category: Supply Chain
Content
> **Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify >= 3.3.3. If not installed or version too low,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to install/update,
> or see `references/cli-installation-guide.md` for installation instructions.
> Then [MUST] run `aliyun configure set --auto-plugin-install true` to enable automatic plugin installation.
> Then [MUST] run `aliyun plugin update` to ensure that any existing plugins on your local machine are always up-to-date.
Confidence: 99%
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

VirusTotal

65/65 vendors flagged this skill as clean.
