ClawHub

Alibabacloud Terraform Import

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for Alibaba Cloud Terraform import, but it gives the agent broad cloud inspection and Terraform state-changing authority that users should review carefully.

Install only if you intend to let the agent inspect Alibaba Cloud resources and work with Terraform state. Use read-only, least-privilege RAM credentials scoped to the products and regions you are importing, review every discovery/import/state command before execution, disable aliyun AI-Mode afterward if you do not want it left on, and do not paste raw Terraform state or cloud inventory output into public channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The reference includes RAM and KMS inventory commands that enumerate users, roles, policies, and cryptographic keys, which extends beyond the core stated purpose of importing existing Alibaba Cloud infrastructure into Terraform. In an agent skill, this broadens data access and can cause unnecessary collection of sensitive identity and security metadata during routine migration workflows, increasing exposure if the agent over-collects or logs outputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to run environment and identity-check commands that reveal local tool versions, OS details, and account identity without requiring an explicit privacy warning or scoped confirmation. In an agent setting, this can expose sensitive infrastructure metadata and cloud account identifiers that aid reconnaissance or lead to accidental disclosure in chat logs or telemetry.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill requires enabling Alibaba Cloud CLI AI-Mode and setting a custom User-Agent for all commands, but does not clearly disclose the privacy implications of sending invocation metadata to a third party. This may cause cloud account activity, tool usage patterns, and agent attribution to be transmitted or logged beyond what the user expects.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file lists identity and key-management enumeration commands without any warning that their outputs may reveal sensitive account structure, attached policies, usernames, role names, and key identifiers. In the context of an agent-operated discovery workflow, this omission makes it more likely the agent will run broad security-relevant commands by default and expose the results in transcripts, logs, or generated artifacts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CI example passes Alibaba Cloud access keys into Terraform and plan commands without any warning about how plan output, debug logs, runner logs, or downstream artifacts may expose sensitive values. In a Terraform/CI skill, this is contextually important because users are likely to copy the workflow verbatim into automation, where secret handling mistakes can lead to credential disclosure or broader cloud compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document includes dangerous state-manipulation commands such as `terraform state rm`, `terraform state push`, and `terraform force-unlock` with only minimal cautionary wording. In the context of an import/migration skill, users may copy-paste these commands during recovery or troubleshooting and accidentally orphan resources, overwrite remote state, or bypass locking, causing drift, loss of management, or concurrent corruption of Terraform state.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The state inspection examples `terraform state show` and `terraform show -json` expose full resource attributes, IDs, tags, and potentially sensitive metadata from infrastructure state, but the reference does not warn users against sharing or logging that output. In this skill's migration context, users are especially likely to paste command output into chats, tickets, or generated artifacts, increasing the chance of leaking infrastructure details.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal