Back to skill

Security audit

Alibabacloud Cksync Plan

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate ClickHouse migration planner, but it includes production database credential, network exposure, and data-deleting SQL guidance without enough guardrails.

Review generated plans carefully before use. Prefer pasting query results instead of credentials, use temporary read-only accounts when access is necessary, avoid broad network exposure, and do not run DROP, TRUNCATE, ALTER, whitelist, or password-free access steps unless an authorized operator has verified the target, backups, maintenance window, and rollback plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly asks the user to provide a database username and password for direct HTTP querying, but it does not warn against sharing production credentials in chat, recommend scoped or temporary credentials, or explain the privacy and retention risks of transmitting secrets through the agent. In an LLM skill context, requesting raw credentials is especially risky because users may disclose sensitive access that could expose entire ClickHouse clusters if mishandled, logged, or reused beyond the immediate task.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to expose ClickHouse services on 0.0.0.0, whitelist multiple peer IPs, and place reusable credentials directly into cluster configuration without warning about the security implications. In a migration-planning skill, those steps may be operationally relevant, but presenting them without hardening guidance can lead to broad network exposure, default-account use, credential leakage, and unauthorized cross-cluster access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documented `ALTER TABLE ... DROP PARTITION` cleanup step is destructive and irreversible in many operational contexts, yet it is presented as a routine retry step without an explicit warning to confirm the target partition and backup state first. In a migration-planning skill, users are likely to copy commands directly, so this increases the risk of accidental production data loss.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
`TRUNCATE TABLE` removes all rows from the target table, and the example is framed as a simple retry cleanup step without a strong warning about complete data deletion. In migration workflows, this can cause severe accidental loss if the destination table, environment, or database name is misidentified.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.