Alibabacloud Waf Cname Config Export

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform a real Alibaba Cloud WAF export task, but it should be reviewed because it handles cloud credentials and sensitive WAF configuration with incomplete disclosure and an unnecessary extra API probe.

Install only if you are comfortable granting read access to Alibaba Cloud WAF configuration. Prefer short-lived or least-privileged RAM credentials, avoid putting real access keys directly in shell commands or logs, review where the Excel export will be saved, and handle the exported file as sensitive infrastructure data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill explicitly directs execution of multiple shell commands and a bundled Python script, but it does not declare any corresponding permissions or capability constraints. This creates a mismatch between what the skill can do and what its manifest communicates, reducing reviewability and increasing the chance of unintended command execution against the user's local environment and cloud account.

Description-Behavior Mismatch

Severity: Low
Confidence: 78%
Finding:
The script performs an extra describe-domain-detail API call even when no domains exist to export, which exceeds the minimum behavior implied by an export-only tool. While not directly dangerous in isolation, it creates unnecessary side effects, may generate misleading audit logs, and violates least-privilege/least-action expectations for a data export skill.

Intent-Code Divergence

Severity: Low
Confidence: 81%
Finding:
The comment claims the extra probe is mandatory and normalizes behavior that intentionally calls a detail API with a fake domain value despite there being nothing to export. That pattern is suspicious because it encourages unnecessary API activity and can conceal behavior that diverges from the skill's stated purpose.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The guide shows secrets passed directly on the command line and via shell exports without warning that credentials may be captured in shell history, CI logs, terminal recording, or process inspection on multi-user systems. In an agent or automation context, this materially increases the chance of credential disclosure and subsequent account compromise.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The document encourages non-interactive credential configuration for scripts and agents but does not immediately warn that this stores long-lived credentials in ~/.aliyun/config.json. In automation environments, this can leave reusable cloud credentials on disk where they may be exfiltrated from compromised hosts, images, or workspaces.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
Telling users to enable debug logging without warning about sensitive output can expose authentication context, request metadata, endpoints, and possibly credential-adjacent details in logs. In CI/CD or agent-driven workflows, those logs are often centralized or retained, increasing the blast radius of accidental disclosure.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding:
The script exports sensitive WAF configuration data, including domains, backend targets, certificate IDs, SNI settings, ports, and resource group identifiers, into a local Excel file without an explicit warning or confirmation. In an agent skill context, silent local export increases the risk of unintended data exposure, mishandling, or storage in insecure locations.

VirusTotal

64/64 vendors flagged this skill as clean.