Alibabacloud Waf Bot Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Alibaba Cloud WAF Bot Management assistant, but it can make real production security-policy changes and should be used carefully.

Install only if you intend to let the agent operate Alibaba Cloud WAF. Use a least-privilege RAM policy where possible, start with read-only assessment or monitor/canary mode, and require explicit approval before any create, modify, enable, delete, or clear-address operation on production resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 92% confidence
Finding
The reference explicitly documents destructive template operations such as delete-defense-template without any caution about service impact, confirmation requirements, or rollback considerations. In an automation-oriented skill, this omission can cause an agent or user to remove active bot-protection templates and unintentionally weaken or disrupt production protections.

Missing User Warnings

Medium, 94% confidence
Finding
The rule and resource management sections list delete/modify operations affecting protection rules and protected objects without warning that these changes can immediately alter enforcement for live applications. Because this skill is designed to automate WAF Bot Management, an agent following this reference could disable, delete, or rebind protections in production, causing exposure to bots, outages, or false-positive service disruption.

Missing User Warnings

High, 97% confidence
Finding
The clear-address operation is a bulk-destructive action that can wipe whitelist or blacklist entries, yet the reference provides no warning about the breadth of impact. In a WAF context, clearing trusted or blocked address sets can immediately lock out legitimate administrators or remove critical traffic filtering, materially changing the security posture.

VirusTotal

65/65 vendors flagged this skill as clean.
