Back to skill

Security audit

Alibabacloud Apigw Inspection

Security checks across malware telemetry and agentic risk

Overview

The skill performs the stated read-only Alibaba Cloud gateway checks, but it also mandates broad local CLI/plugin changes and points users toward persistent cloud credential setup.

Install only if you are comfortable with the Aliyun CLI and plugin changes. Prefer temporary or tightly scoped read-only RAM credentials, avoid root or broad AccessKeys, do not let an agent run global plugin updates automatically, and approve each local install/update and cloud API query explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill requires enabling auto-plugin installation and updating all existing Aliyun CLI plugins, which modifies the local environment and expands execution beyond the stated read-only inspection purpose. This creates unnecessary supply-chain and environment-drift risk because a monitoring skill should not need blanket plugin auto-install/update behavior to inspect remote resources.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill embeds OS-level installation commands (`brew`, `curl | bash`, PowerShell download/unzip) even though its core purpose is gateway inspection. Including executable installation paths inside the skill encourages local system modification and introduces avoidable supply-chain risk, especially the shell-piped remote script install pattern.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill mandates `aliyun plugin install --names apig` during execution, which changes the local toolchain despite the task being read-only cloud inspection. Runtime installation increases attack surface and can be abused to trigger unreviewed code retrieval or alter a user's environment without a strong need tied to the immediate inspection request.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This guide materially expands the skill from gateway inspection into general Alibaba Cloud administration by teaching installation, authentication, profile management, plugin discovery, and use of unrelated services such as ECS, VPC, RDS, and FC. In an agent skill intended only for gateway monitoring, this creates unnecessary capability enablement and increases the chance an agent or user configures broad cloud access that can be reused beyond the stated scope.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation instructs users how to configure long-lived credentials, manage multiple profiles, and install arbitrary product plugins even though the skill only needs gateway monitoring. This unnecessarily enables privilege expansion and persistent access across Alibaba Cloud services, making credential misuse or agent overreach more likely if the skill environment is compromised or misused.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to match common requests such as checking gateway health or performance, which raises the chance of unintended invocation. Because this skill can lead to local installation/update behavior and cloud API access, overbroad activation increases the likelihood of the agent taking actions the user did not specifically request.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The acceptance criteria explicitly instruct installing a CLI plugin and executing multiple external-service commands, but they do not require an explicit user-facing notice or confirmation before making a local system change or contacting Alibaba Cloud APIs. In an agentic setting, this can lead to unannounced environment modification and unintended API activity, which is a genuine safety issue even though the commands are operational rather than overtly malicious.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Log in to Aliyun Console: https://ram.console.aliyun.com/
2. Navigate to: AccessKey Management
3. Create a new AccessKey pair
4. Save the secret immediately — it's only shown once

### Configuration Modes
Confidence
76% confidence
Finding
Create a new AccessKey pair 4. Save the secret immediately — it's only shown once ### Configuration Modes > **⚠️ SECURITY WARNING**: The examples below use `<placeholder>` values. **NEVER** hardcode

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.