Alibabacloud Sms Send Short Message

Security checks across malware telemetry and agentic risk

Overview

This SMS skill mostly matches its stated Alibaba Cloud SMS purpose, but it also grants broad query access to sensitive business identity records and can modify the local CLI/plugin environment.

Install only if you are comfortable giving the skill Alibaba Cloud SMS access and potentially read access to sensitive SMS qualification records. Prefer a least-privilege RAM policy limited to SendSms/SendBatchSms and only the specific query APIs you need; avoid the full policy unless an administrator approves it. Preinstall and review the aliyun CLI/plugin yourself instead of relying on automatic installation, and treat phone numbers, message contents, delivery records, and qualification data as personal or business-sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The file documents qualification-query operations that extend beyond the advertised purpose of sending SMS messages. This broadens the skill's effective scope into account reconnaissance and metadata discovery, which can expose internal business records and enable unnecessary access paths not required for routine SMS sending.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The documented single-qualification detail response includes highly sensitive PII and business identity artifacts, including ID-card numbers, phone numbers, and document/image URLs. Even though the notes mention redaction, the skill still exposes a capability to retrieve this data without a clear need for the stated SMS-send use case, creating unnecessary privacy and data-minimization risk.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script can automatically install the Alibaba Cloud dysmsapi plugin at runtime, which introduces an unexpected package-management capability beyond core SMS operations. In agent or automated environments, this can modify the execution environment, pull code from external sources without explicit approval, and violate change-control or supply-chain safety expectations.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill handles phone numbers and message content, which are sensitive personal and business data, but it does not prominently warn users that this data will be transmitted to Alibaba Cloud for processing. This can cause unintended disclosure of personal data, compliance issues, and user consent failures, especially in marketing or verification-code scenarios.

VirusTotal

VirusTotal findings are pending for this skill version.
