Alibabacloud Sysom Diagnosis

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent SysOM diagnosis helper, but it tells the agent to install a remote script with sudo when the CLI is missing, which is too high-impact for a diagnosis workflow without clearer user control or integrity checks.

Review this skill before installing. It appears intended for Alibaba Cloud SysOM troubleshooting and includes good credential-handling guidance, but only use it if you are comfortable with a root-level installer fetched from an Alibaba Cloud OSS URL. Prefer installing sysom-osops yourself through a verified source first, then use the skill only for diagnostic commands and recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata says it only performs diagnosis and surfaces recommendations, but it also instructs the agent to install software by piping a remote script directly into sudo bash. That creates an unexpected state-changing and privileged execution path that violates least surprise and can lead to arbitrary root code execution if the remote content is compromised or altered.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
A diagnosis-only skill should not bootstrap software by executing a fetched installer with elevated privileges. This expands the skill from read-oriented troubleshooting into remote code execution and system modification, increasing the blast radius from information gathering to host compromise.

Scope Creep

High
Confidence: 94%
Finding
The declared allowed-tools of Bash and Read understates the effective capability because the documented Bash command performs network retrieval and privileged modification via sudo. This mismatch can bypass user expectations and policy controls that rely on the manifest to understand what the skill may do.

VirusTotal

VirusTotal findings are pending for this skill version.