Back to skill

Security audit

Alibabacloud Dataworks Datastudio Develop

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a legitimate Alibaba Cloud DataWorks helper, but it needs Review because its documentation can guide high-impact production deployments and destructive data operations without consistent safeguards.

Install only if you are comfortable giving an agent access to Alibaba Cloud DataWorks projects and related data systems. Use least-privilege, non-root, preferably temporary credentials; avoid production projects until you have reviewed generated specs and SQL. Treat Online/Offline deployments, pipeline cancellation, DROP/DELETE/TRUNCATE SQL, shell nodes, and preSql/postSql hooks as actions that need explicit human confirmation and backups or rollback plans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (71)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documentation exposes `Offline` and `abolish_pipeline_run` operations even though the skill metadata says delete operations are not supported. While these are not literal delete APIs, they are mutating and disruptive lifecycle actions that can take production objects offline or cancel active deployments, so the mismatch can mislead an agent or user into performing actions outside the advertised safety boundary.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
This is a true vulnerability in documentation/examples: a DM source/reader example includes `preSql` with `delete from XXX;`, which is a destructive write operation inconsistent with a reader that is supposed to perform extraction. In a skill that supports operational use of data development and synchronization jobs, users may copy this example into real pipelines, causing unintended source-side data deletion before reads.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file explicitly documents `DROP TABLE` support for the ODPS_DDL node, which contradicts the skill metadata's claim that delete operations are not supported. In a mutating infrastructure/data-management skill, this mismatch is dangerous because an agent or user may rely on the manifest's safety boundary and still be guided into irreversible destructive actions that delete production data.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger language is very broad ('also triggers for Alibaba Cloud data development, scheduling node configuration, FlowSpec format, or DI task orchestration'), which can cause the skill to activate in contexts the user did not intend. Because this skill performs mutating cloud operations, overbroad invocation materially increases the risk of accidental changes to workflows, nodes, resources, and deployment state.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The deployment sequence ends with a live publication command (`CreatePipelineRun --Type Online`) but provides no explicit warning, confirmation gate, or prerequisite validation before pushing workflow changes online. In a skill that supports mutating DataWorks operations, this increases the chance of accidental production deployment, potentially triggering unintended ETL jobs, data movement, schedule changes, or service disruption.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template instructs the operator to run a live publication step (`CreatePipelineRun --Type Online`) without any explicit warning, confirmation gate, or distinction between test and production environments. In a skill specifically designed for mutating DataWorks workflow operations, this can cause unintended deployment of incomplete or unsafe workflow changes directly into a production scheduling environment.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The cancellation example directly invokes `abolish_pipeline_run` with no warning, approval step, or confirmation requirement. In this skill context, deployment operations affect live DataWorks workflows and scheduled data pipelines, so an agent following the recipe could interrupt a production rollout or leave data jobs in an inconsistent operational state.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This documentation shows a mutating import operation that can create or overwrite workflow and child node configuration in a DataWorks project, but it does not include any warning that the action changes project state or should require explicit user confirmation. In the context of an agent skill that performs infrastructure-like workflow management, omission of mutation warnings increases the chance of unintended configuration changes, bulk imports, or accidental deployment-impacting modifications.

Missing User Warnings

Low
Confidence
90% confidence
Finding
This documentation exposes a mutating move operation without any explicit warning that it changes project structure and may disrupt downstream references, automation, or operator expectations if invoked unintentionally. In this skill's context, move/rename actions are explicitly called out as requiring user confirmation, so omitting that warning at the API reference level increases the risk of accidental misuse by an agent or user.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation exposes a mutating rename operation without any explicit warning or confirmation requirement, even though the skill metadata states rename actions require explicit user confirmation. In an agent-driven context, this mismatch increases the chance of unintended changes to production metadata if a user request is ambiguous or the agent acts autonomously.

Missing User Warnings

Low
Confidence
92% confidence
Finding
This documentation exposes a mutating rename operation without any user-facing caution that it changes remote node metadata. In an agent skill context, omission of an explicit confirmation/warning can lead to unintended state changes if the action is invoked automatically or with ambiguous user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file provides ready-to-run examples for a state-changing workflow update operation but does not warn the user that executing the command will modify workflow definitions in a live DataWorks project. In this skill context, the risk is elevated because the broader skill explicitly supports mutating operations and users may copy-paste examples directly, leading to unintended pipeline or scheduling changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to pass access keys and secrets directly on the command line and to export them as environment variables, but it does not warn that these values can be exposed via shell history, process listings, CI logs, or inherited environments. In a skill intended for automation and agent-driven use, this omission materially increases the chance of credential leakage and unauthorized cloud access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The troubleshooting section recommends debug logging without warning that debug output may contain sensitive request metadata, credential-provider details, endpoints, or other authentication-related information. Users may enable debug mode in shared terminals, CI systems, or ticket attachments and inadvertently leak secrets or security-relevant details.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The guide documents `abolish-pipeline-run` as a normal recovery step but does not require explicit user confirmation or prominently warn that it disrupts an in-progress deployment. In a skill that can perform mutating workflow operations, this omission can cause the agent or operator to cancel live deployments unintentionally, resulting in service disruption or inconsistent release state.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation describes executing arbitrary Shell scripts on CDH gateway nodes for file operations and cluster management, but it does not prominently warn users about the security implications of running privileged or destructive commands in that environment. In a skill that enables mutating operations across cluster resources, missing safety guidance can increase the chance of dangerous misuse, accidental damage, or unsafe automation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly exposes preSql and postSql hooks and the example uses destructive statements (`delete from XXX;`) without any warning, guardrails, or requirement for explicit confirmation. In a skill that supports mutating data-development operations, this can normalize unsafe usage and lead users or downstream agents to execute data-loss operations against production Redshift tables.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation explicitly states that the default `writeMode` is `truncate`, which replaces existing S3 objects, but it does not provide a clear warning about destructive behavior or data loss. In a skill that supports mutating data-development operations, normalizing overwrite behavior as the default increases the chance of accidental destructive writes by users or downstream agents.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly promotes potentially destructive write behaviors such as replace, which deletes conflicting rows before reinserting, and allows arbitrary preSql/postSql execution without any cautionary language. In a skill that supports mutating data-development operations, this increases the risk that an agent or user will apply data-destructive settings without understanding overwrite, delete-and-replace, or task-hook side effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly exposes preSql and postSql hooks that execute arbitrary SQL before and after synchronization, but it provides no warning that these statements can mutate or destroy data. In the context of a DataWorks development skill that supports operational workflow changes, omitting safety guidance increases the chance that an agent or user will run dangerous SQL such as TRUNCATE, DROP, or mass UPDATE as part of a sync job.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly exposes `preSql` and `postSql` hooks that execute arbitrary SQL before and after synchronization, but it provides no warning about destructive or privilege-sensitive operations. In a mutating data-development skill, this is dangerous because users or downstream agents may treat these fields as routine configuration and unintentionally perform deletes, mass updates, truncation, or other harmful database changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation includes example preSql/postSql statements that perform DELETE and UPDATE operations without any explicit warning that these statements mutate destination data. In a skill specifically used to create and configure DataWorks synchronization jobs, users may copy these examples directly into production pipelines, causing unintended data loss or modification if placeholders are replaced incorrectly or applied to the wrong table.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This documentation explicitly supports writing to a DB2 destination and allows arbitrary preSql and postSql statements to run before and after synchronization, but it provides no warning that these statements can modify schema, overwrite data, or execute destructive operations. In the context of a mutating DataWorks skill, this omission increases the chance that an agent or user will perform unsafe database changes without explicit confirmation or guardrails.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly advertises execution of arbitrary preSql/postSql statements and includes a destructive DELETE example without any warning, guardrails, or requirement for explicit user confirmation. In a skill that supports mutating data integration workflows, this can normalize unsafe patterns and lead users or downstream agents to perform unintended destructive operations against production databases.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The example contains a destructive SQL statement (`delete from XXX;`) without any warning, safeguard, or disclosure. Because this skill is for Alibaba Cloud DataWorks data development and orchestration, examples are likely to be reused directly in production-like ETL jobs, making undocumented destructive SQL especially dangerous and increasing the chance of accidental data loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.