Security audit

Alibabacloud Analyticdb Postgresql Query

Security checks across malware telemetry and agentic risk

Overview

This is a documented read-only database-query helper; it handles sensitive database data, but the access, export behavior, and credential setup are disclosed and constrained by user confirmation and read-only controls.

Install only if you want an agent to help query an AnalyticDB PostgreSQL database. Use a dedicated read-only database account, limit the semantic model to approved tables, configure resource limits, review every generated SQL statement before approving execution, and treat exported CSV files as sensitive local data that should be minimized, protected, and deleted when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The guide tells the agent it can read exported CSVs directly for further analysis, but it does not restate the skill's explicit requirement for user confirmation before data access or export. In an agent setting, this omission can normalize autonomous post-export handling of potentially sensitive data and increase the chance of unapproved data processing or exfiltration to local tooling.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list includes very generic terms such as "analyze" and "statistics," which can cause this database skill to activate for unrelated user requests. In a shell-capable agent, accidental invocation increases the chance of unnecessary database connection checks or query-generation behavior around sensitive data, even though later HITL gates reduce the blast radius.

Missing User Warnings

Medium
Confidence: 96%
Finding
The export documentation provides multiple concrete ways to write query results to local CSV/TSV files but omits any warning that those files may contain sensitive business data. This increases the likelihood that an agent or user will export regulated or confidential data to insecure local storage, where it may persist, be copied, or be processed by other tools without appropriate safeguards.

Session Persistence

Medium
Category: Rogue Agent
Confidence: 85%
Content
Completely independent of environment variables; psql automatically reads connection info from files:

**Step 1: Create `~/.pg_service.conf`**
```ini
[adbpg]
host=gp-xxx.gpdb.rds.aliyuncs.com
port=5432
dbname=mydb
user=analyst
options=-c default_transaction_read_only=on
```

**Step 2: Create `~/.pgpass`**
```
gp
```

VirusTotal

62/62 vendors flagged this skill as clean.