
Security audit

Alibabacloud Alert Intent Router

Security checks across malware telemetry and agentic risk

Overview

This alert-routing skill mostly matches its stated purpose, but it ships with under-scoped activation triggers and a documented remote command-execution capability (ECS RunCommand) that users should review before installing.

Install only if you intend this skill to access Alibaba Cloud operational metadata and CMDB-derived resource relationships. Use narrow read-only RAM permissions for the router, require explicit approval before any backend action that can run commands on ECS, and remove or tightly gate RunCommand unless remote host execution is a deliberate, audited part of your incident workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains very broad everyday terms such as "alert", "error", "异常" (abnormal) and "故障" (fault), which can cause the router skill to activate on loosely related user messages. In this skill's context, unintended invocation is more dangerous because activation can lead to CMDB and cloud-platform resource lookups based on parsed alert text, increasing the chance of unnecessary data access or misrouted diagnostic actions.
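As an added illustration (example code, not part of the audit report or the skill itself), the following contrasts the single-keyword trigger described in the finding with a narrowed matcher that additionally requires Alibaba Cloud context in the message. The sample messages, the trigger word list and the instance-ID patterns are constructed for this example.

```python
import re

# Constructed sample user messages (not taken from the audited skill or any real alert feed).
MESSAGES = [
    "ECS alert: instance i-bp1abcdef0123456789 CPU > 95% for 5 minutes",   # genuine cloud alert
    "I got an error compiling my Rust project, any idea why?",               # unrelated chat
    "故障: RDS instance rm-bp1k8g7h6j5f4 unreachable from the app tier",     # genuine, Chinese keyword
    "Can you alert me ten minutes before the meeting starts?",               # unrelated chat
]

# Broad keyword trigger as described in the finding: any single everyday word activates the skill.
BROAD_TRIGGERS = ("alert", "error", "异常", "故障")

# Narrowed trigger: the keyword must co-occur with Alibaba Cloud context, here an ECS/RDS
# instance-ID prefix or a service name. The ID patterns are an assumption for this example.
CLOUD_CONTEXT = re.compile(
    r"\b(i-[0-9a-z]{8,}|rm-[0-9a-z]{8,}|ecs|rds|slb|aliyun|alibaba cloud)\b",
    re.IGNORECASE,
)


def fires_broad(message: str) -> bool:
    """Single-keyword activation: true for any message containing a trigger word."""
    lowered = message.lower()
    return any(keyword in lowered for keyword in BROAD_TRIGGERS)


def fires_narrow(message: str) -> bool:
    """Keyword plus cloud-context activation: the trigger word alone is not enough."""
    return fires_broad(message) and CLOUD_CONTEXT.search(message) is not None


def activation_report(messages=MESSAGES) -> dict:
    """Return which messages each matcher would route to the skill."""
    return {
        "broad": [m for m in messages if fires_broad(m)],
        "narrow": [m for m in messages if fires_narrow(m)],
    }


if __name__ == "__main__":
    report = activation_report()
    print(f"broad trigger fires on {len(report['broad'])}/{len(MESSAGES)} messages")
    print(f"narrow trigger fires on {len(report['narrow'])}/{len(MESSAGES)} messages")
    for m in report["narrow"]:
        print("  routed:", m)
```

Run as-is, the broad matcher routes all four messages, including the two unrelated chat lines; the narrowed matcher routes only the two that actually carry cloud resource context. The co-occurrence requirement is the cheapest fix for the finding, but a real deployment should also gate what the skill may do after activation, not only when it activates.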

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill description does not clearly warn users that the workflow may query CMDB and cloud platform APIs using identifiers extracted from alert content. That omission reduces informed consent and can surprise users with backend data access, especially when alert text may contain sensitive resource IDs or environment metadata.

Missing User Warnings

Medium
Confidence: 88%
Finding
The reference explicitly documents ECS RunCommand and result retrieval without any safety boundary, approval requirement, or warning that it enables remote code execution on cloud instances. In an alert-routing/diagnostic skill, this is more dangerous because the skill may be triggered during incident handling, where an agent could escalate from read-only diagnosis to executing arbitrary commands on production hosts.
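To make the approval boundary this finding asks for (and the read-only RAM guidance in the overview) concrete, here is an added example that is not the skill's own code and does not call any Alibaba Cloud SDK. It models a gate between the router and every backend call: read-only actions permitted by a narrow RAM policy pass, ECS RunCommand and InvokeCommand are refused unless a named approver and incident ticket are recorded, and even then the call is marked for execution under a separate identity rather than the router's. The RAM policy document shape (Version "1", Statement list with Effect/Action/Resource) is Alibaba Cloud's real syntax; the specific action set, the `ROUTER_RAM_POLICY` and `gate_action` names, and the audit-log shape are assumptions for this example, and resource-level scoping is simplified to "*".

```python
import fnmatch
import json
from datetime import datetime, timezone
from typing import Optional, Tuple

# Hypothetical read-only RAM policy for the router identity. The document structure
# (Version "1", Statement with Effect/Action/Resource) follows Alibaba Cloud RAM syntax;
# the action list is this example's choice and should be narrowed further for real use.
ROUTER_RAM_POLICY = {
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ecs:Describe*", "rds:Describe*", "cms:Describe*"],
            "Resource": "*",
        },
        {
            # Explicit deny so the router identity can never run commands, even if a
            # broader Allow statement is attached to it later by mistake.
            "Effect": "Deny",
            "Action": ["ecs:RunCommand", "ecs:InvokeCommand", "ecs:CreateCommand"],
            "Resource": "*",
        },
    ],
}

# Cloud Assistant actions that execute commands on ECS instances (the capability the finding flags).
COMMAND_EXECUTION_ACTIONS = {"ecs:RunCommand", "ecs:InvokeCommand"}

AUDIT_LOG = []  # append-only record of every gate decision


def policy_allows(policy: dict, action: str) -> bool:
    """Evaluate RAM statements against an action: an explicit Deny wins, default is deny."""
    allowed = False
    for statement in policy["Statement"]:
        if any(fnmatch.fnmatchcase(action, pattern) for pattern in statement["Action"]):
            if statement["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def gate_action(action: str, approver: Optional[str] = None,
                ticket: Optional[str] = None) -> Tuple[str, str]:
    """Decide how the router may proceed with a backend action.

    Returns (decision, reason) where decision is one of:
      "allow"              read-only action permitted by the router policy
      "needs_approval"     command execution requested without approver + ticket
      "allow_via_executor" approved command execution, to run under a separate identity
      "deny"               anything else
    """
    if action in COMMAND_EXECUTION_ACTIONS:
        if not (approver and ticket):
            decision = ("needs_approval",
                        f"{action} executes commands on ECS hosts; record approver and incident ticket first")
        else:
            decision = ("allow_via_executor",
                        f"{action} approved by {approver} under {ticket}; run with executor identity, not router")
    elif policy_allows(ROUTER_RAM_POLICY, action):
        decision = ("allow", f"{action} is read-only under the router policy")
    else:
        decision = ("deny", f"{action} is outside the router policy")
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "action": action, "approver": approver, "ticket": ticket, "decision": decision[0],
    })
    return decision


if __name__ == "__main__":
    for call in [("ecs:DescribeInstances", None, None),
                 ("ecs:RunCommand", None, None),
                 ("ecs:RunCommand", "oncall-lead", "INC-1234"),
                 ("ecs:DeleteInstance", None, None)]:
        print(call[0], "->", gate_action(*call))
    print(json.dumps(AUDIT_LOG, indent=2))
```

Two points of the design matter for the finding: the router's own credential carries an explicit Deny on the command-execution actions, so a prompt-injected or mis-triggered request cannot reach RunCommand even if the approval step is bypassed in code; and the approval record (who, which incident) is written before the executor identity is ever used, which gives the incident reviewer the audit trail the reference currently lacks.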

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.