Alibabacloud Starops Chat

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud STAROps troubleshooting skill, but it sends diagnostic context to Alibaba Cloud and uses local Alibaba Cloud credentials.

Use this skill only when you intend to send AIOps questions, workspace/project identifiers, and diagnostic context to Alibaba Cloud STAROps under your Alibaba Cloud credentials. Avoid including secrets in prompts, verify which Alibaba Cloud identity is active, prefer least-privilege RAM credentials, and protect thread IDs, STAROPS_URL values, and logs as sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to read environment variables and make outbound network calls to STAROps, but the skill metadata does not declare corresponding permissions. This creates a capability/visibility mismatch: operators and policy systems may not realize the skill can access sensitive runtime configuration and transmit user/workspace context to an external API.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation describes sending user questions, workspace metadata, and other variables to a remote STAROps endpoint and also states that tool progress and generated diagnosis text may be mirrored to stderr, but it does not warn users about the disclosure of potentially sensitive operational data. In an AIOps troubleshooting context, prompts and outputs can contain incident details, topology, service names, or internal diagnostics, so undocumented transmission and logging create a real confidentiality risk.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill sends user-supplied questions, workspace identifiers, region/project context, and thread metadata to a remote STAROps service but does not provide any explicit notice, consent prompt, or data-handling disclosure at the point of use. In an agent-skill context, users may unknowingly include incident details, internal topology, or other sensitive operational data, increasing the risk of unintended external disclosure.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The script silently loads credentials from the default Alibaba Cloud credential chain and uses them to authenticate outbound API calls without making that behavior obvious to the user. In shared or automation environments, this can cause unanticipated use of privileged cloud credentials and remote actions under the wrong identity, especially when the skill is invoked indirectly by another agent.

Context Leakage

High
Category
Data Exfiltration
Content
```

**Thread Management:**
- Extract thread ID from output
- Use the printed `STAROPS_URL` when the user needs to inspect the same thread in the STAROps console
- Always pass `--thread "<id>"` for related follow-up questions to preserve context
```
Confidence
88% confidence
Finding
Extract thread

VirusTotal

65/65 vendors flagged this skill as clean.
