Alibabacloud Waf Quick Showcase

Security checks across malware telemetry and agentic risk

Overview

The skill presents itself as an Alibaba Cloud WAF/ECS deployment guide, and its stated intent matches its code, but users should treat it as a billable cloud-infrastructure workflow whose CLI setup step carries supply-chain risk.

Install only if you are comfortable letting the agent use Aliyun CLI to create billable Alibaba Cloud resources. Use a dedicated test account or least-privilege RAM role, prefer Homebrew or inspected manual CLI installation over curl-to-bash, confirm every region/resource/password before execution, and plan cleanup of ECS, WAF, VPC, security group, and CLI/plugin settings after the showcase.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Intent-Code Divergence

Medium (94% confidence)
Finding
The guide explicitly states that only OAuth is supported, but then documents ECS RAM Role as an alternative authentication mode. This inconsistency can cause operators or downstream agents to use an authentication path that the skill claims is disallowed, undermining policy enforcement and creating confusion about which credential sources are acceptable.

Context-Inappropriate Capability

Medium (88% confidence)
Finding
The skill is scoped to WAF protection for ECS web applications, but the guide broadens into general CLI plugin installation and unrelated service exploration such as RDS and Function Compute. Expanding scope increases the chance that an agent or user will enable unnecessary capabilities, violating least privilege and creating avoidable attack surface.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs users to execute a remote script directly via curl piped to bash, which bypasses normal review of downloaded code and creates a supply-chain execution risk. This is more dangerous in this skill because it is framed as a mandatory prerequisite, increasing the chance that users will run it without scrutiny on their local machine.
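The safe alternative that both the overview's install advice and this finding point at (download, pin, inspect, then run, instead of piping curl into bash) looks like the following. This is an added example written for this page; it is not part of the skill, the Aliyun CLI, or the scanner's output. It assumes curl is installed along with either sha256sum or shasum, and the installer URL and digest in the usage comment are placeholders: the real digest has to come from somewhere other than the download URL itself (release notes or a checksum file you already trust).

```shell
# Added example: a pin-inspect-then-run replacement for "curl ... | bash".
# Not part of the skill; assumes curl plus sha256sum or shasum are installed.
set -e

# sha256_of FILE: print the hex digest, using whichever tool the host has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# verify_script FILE EXPECTED: succeed only when FILE's digest equals the
# pinned value obtained out of band.  A download that the attacker controls
# cannot also supply the pin, so the pin must not come from the same URL.
verify_script() {
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    echo "checksum mismatch for $1: expected $2, got $actual" >&2
    return 1
  fi
}

# flag_risky_lines FILE: print the lines a reviewer should read before
# running an installer: nested pipe-to-shell, sudo, eval, system paths.
flag_risky_lines() {
  grep -nE '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh|sudo|eval|/etc/|/usr/local/bin' "$1" || true
}

# install_from_url URL EXPECTED: download to a temp file, verify the pin,
# show the flagged lines, and run only after an explicit "y".
install_from_url() {
  tmp=$(mktemp)
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1"
  if ! verify_script "$tmp" "$2"; then
    rm -f "$tmp"
    return 1
  fi
  echo "Lines worth reading in $tmp before execution:"
  flag_risky_lines "$tmp"
  printf 'Run %s now? [y/N] ' "$tmp"
  read -r answer
  if [ "$answer" = "y" ]; then
    bash "$tmp"
  fi
  rm -f "$tmp"
}

# Usage (placeholder URL and digest; substitute the installer you actually
# intend to run and a digest you obtained out of band):
# install_from_url https://example.invalid/install.sh e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

The digest check is what turns a mutable URL into a fixed artifact; the grep is a review aid, not a security control, so a script that passes it still needs to be read before the "y".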

VirusTotal

VirusTotal findings are pending for this skill version.
