Alibabacloud Sls Query

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a legitimate Alibaba Cloud SLS log-query helper, but its bundled setup guide broadens into risky credential and general cloud-administration guidance beyond the stated SLS scope.

Install only if you are comfortable giving the agent access to Alibaba Cloud SLS logs through your local aliyun CLI. Use a dedicated RAM user or role with only log:GetLogStoreLogs and log:GetIndex for the needed project/logstore, avoid pasting or passing access keys on command lines, avoid broad cross-account/admin roles, and ignore the unrelated ECS/VPC/RDS/FC setup examples unless you separately need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium, 93% confidence
Finding:
This guide materially exceeds the skill's declared SLS query/analysis scope by teaching full Aliyun CLI installation, account configuration, credential setup, profile management, and non-SLS service usage. In an agent skill, this scope expansion increases the chance the agent will help users establish broad cloud access or perform unrelated operations, enlarging attack surface and enabling misuse beyond log analysis.

Context-Inappropriate Capability

Medium, 95% confidence
Finding:
The guide introduces elevated and cross-account authentication modes such as RamRoleArn and RamRoleArnWithEcs without strong justification tied to SLS-only use cases. In a skill meant for writing and executing SLS queries, documenting broad privilege-escalation and cross-account access patterns can normalize over-privileged configurations and make lateral access easier if the agent or user follows the guidance indiscriminately.

Context-Inappropriate Capability

Low, 89% confidence
Finding:
The section recommending installation of unrelated plugins and exploration of ecs, vpc, rds, and fc commands extends the skill into broader Alibaba Cloud administration. While not directly an exploit, it increases available capabilities and can cause the agent to assist with services outside its stated purpose, undermining scope control.

Natural-Language Policy Violations

Medium, 90% confidence
Finding:
Defaulting to the machine's local timezone when the user does not specify one can silently query the wrong time window, causing analysts to miss relevant events or draw incorrect conclusions from incomplete data. In a security or incident-response context, this can materially affect investigations, detections, and troubleshooting by excluding or misaligning logs without explicit user awareness.

Missing User Warnings

Medium, 96% confidence
Finding:
The examples place access-key secrets directly on the command line and describe storage in ~/.aliyun/config.json without nearby warnings about shell history, process-list exposure, or plaintext credential persistence. In agent-driven or shared environments, this can lead to credential leakage through logs, terminal history, screenshots, or compromised home directories.

Missing User Warnings

Medium, 93% confidence
Finding:
The environment-variable examples omit warnings that exported credentials may propagate to child processes, appear in CI/CD job logs, remain in shell session state, or be readable in some debugging contexts. This is especially risky in automation and agent contexts where environment capture and verbose logging are common.

VirusTotal

65/65 vendors flagged this skill as clean.
