ClawHub

Alibabacloud Waf Protectionconfig Backup

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate read-only WAF backup skill, but it handles cloud credentials and exports sensitive security configuration with insufficient safety guidance.

Install only if you need Alibaba Cloud WAF configuration backups and can use a least-privilege read-only RAM role or short-lived credentials. Avoid pasting real access keys into command lines, chats, or logs; redact debug/config output before sharing; and store generated Excel backups in a restricted, approved location, preferably encrypted or access-controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide instructs users to pass long-lived access key material directly on the command line and to store secrets in environment variables/config files, but it does not warn that command history, shell audit logs, process listings, CI logs, and shared host environments may expose those credentials. In the context of an automation-focused skill, this omission increases the chance that real cloud credentials are leaked and later abused to access or modify Alibaba Cloud resources.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The troubleshooting section recommends `aliyun configure get` and debug logging without warning that these outputs can reveal credential configuration, account identifiers, endpoints, and other sensitive metadata. Users may copy debug output into logs, support tickets, or chat systems, unintentionally disclosing information useful for account compromise or reconnaissance.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The workflow exports detailed WAF protection configuration into local Excel workbooks, which can contain sensitive security metadata such as rules, templates, bindings, address books, and blacklists. Storing this data locally without an explicit warning, access-control guidance, or protection requirements increases the risk of accidental disclosure through insecure filesystem permissions, endpoint compromise, syncing to shared drives, or mishandling of backup artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal