Security audit

Alibabacloud Devops

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Alibaba Cloud DevOps automation helper, but it asks users to configure broad token-backed write access and gives too little guidance on high-impact deployments, repository changes, and token exposure.

Install only if you intend to let an agent operate Yunxiao DevOps resources. If you do:
  • Use least-privilege, short-lived tokens.
  • Inject the token from the environment or a secret manager rather than through a command-line flag.
  • Do not expose the SSE endpoint beyond localhost without TLS and access controls.
  • Require explicit confirmation before deployments, approvals, deletes, branch or file changes, and variable updates.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Vague Triggers (Medium, 92% confidence)

The trigger list includes very broad terms such as "DevOps", "pipeline", "sprint", and "artifact repository", which can cause the skill to activate in many generic workplace contexts unrelated to explicit Yunxiao intent. Over-broad activation increases the chance the agent enters a high-privilege operational workflow unexpectedly, potentially leading to unintended repository, pipeline, or project-management actions.

Missing User Warnings (Medium, 96% confidence)

The documentation demonstrates supplying a personal access token directly on the command line, which can expose the token through shell history, process listings, audit logs, and telemetry. In a DevOps context, such tokens may grant repository, pipeline, artifact, or project access, making accidental leakage materially risky.

Missing User Warnings (Medium, 92% confidence)

The skill explicitly documents passing Personal Access Tokens via command-line parameters as an accepted authentication method, but provides no warning that CLI arguments may be exposed through shell history, process listings, logging, or telemetry. In a DevOps automation context, these tokens likely grant broad access to source code, pipelines, artifacts, and release workflows, so accidental exposure can lead to account or organization compromise.

Missing User Warnings (Medium, 89% confidence)

The release-promotion scenario provides step-by-step instructions to execute a release stage that changes application deployment state, but it lacks any safety notice, approval requirement, or confirmation checkpoint before affecting staging. In this skill's DevOps context, operational actions are high-impact because they can trigger deployments, modify environments, and potentially cause outages or unintended releases if invoked casually or through misunderstanding.

Missing User Warnings (Medium, 92% confidence)

The document instructs users to provide a personal access token in environment variables in its examples, but does not include any guidance on protecting, scoping, rotating, or avoiding accidental disclosure of that credential. In a DevOps skill, these tokens can grant broad access to repositories, pipelines, work items, and release workflows, so the omission of handling warnings materially increases the chance of credential leakage or misuse.
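The token-exposure findings above (tokens passed as command-line flags, and tokens kept in environment variables with no handling guidance) can be checked mechanically. The following is an added example written for this audit, not code from the skill or from Alibaba Cloud: it scans shell-history and process-listing lines for token-bearing flags and assignments, redacts them, and includes a loader that refuses the command-line form and reads the credential from the environment. The flag names, the DEVOPS_TOKEN variable, the devops-mcp-server command and every sample line are assumptions constructed for the example.

```python
"""Detect credentials that leaked into shell history or process listings, and
load the token from the environment instead.

Added example for this audit, not the skill's code. The flag names, the
DEVOPS_TOKEN variable, the devops-mcp-server command and all sample lines
below are constructed for illustration.
"""
import re

# Flag forms that commonly carry a personal access token on the command line.
# Both "--token VALUE" and "--token=VALUE" end up in argv, and therefore in
# shell history, `ps` output and /proc/<pid>/cmdline, readable by local users.
TOKEN_FLAG = re.compile(
    r"(?P<flag>--(?:token|pat|access[-_]token|personal[-_]access[-_]token))"
    r"(?P<sep>[= ])(?P<val>\S+)",
    re.IGNORECASE,
)
# Assignments such as `export DEVOPS_TOKEN=...` or the `VAR=... cmd` prefix form.
# These keep the token out of argv but still land in interactive shell history.
ENV_ASSIGN = re.compile(r"\b(?P<var>[A-Z0-9_]*(?:TOKEN|PAT|SECRET))=(?P<val>\S+)")


def redact(line: str) -> str:
    """Return the line with any token value replaced by <redacted>."""
    line = TOKEN_FLAG.sub(lambda m: f"{m['flag']}{m['sep']}<redacted>", line)
    return ENV_ASSIGN.sub(lambda m: f"{m['var']}=<redacted>", line)


def scan_for_exposed_tokens(lines):
    """Return (line_number, redacted_line) for every line that carried a token."""
    hits = []
    for n, line in enumerate(lines, 1):
        r = redact(line)
        if r != line:
            hits.append((n, r))
    return hits


def load_token(env: dict, argv: list, var: str = "DEVOPS_TOKEN") -> str:
    """Read the token from the environment and refuse the command-line form.

    Environment variables are still readable by same-user processes, so this
    is the floor, not the ceiling: a secret manager or a mode-0600 file read at
    start-up is better, and the token should be short-lived and least-privilege.
    """
    if TOKEN_FLAG.search(" ".join(argv)):
        raise ValueError("refusing a token on the command line; set it in the environment")
    token = env.get(var)
    if not token:
        raise ValueError(f"{var} is not set")
    return token


# Constructed sample lines: a few shell-history entries and one `ps` line.
SAMPLE_LINES = [
    "devops-mcp-server --token=pt-0123456789abcdef",
    "export DEVOPS_TOKEN=pt-0123456789abcdef && devops-mcp-server",
    "git status",
    "DEVOPS_TOKEN=pt-0123456789abcdef devops-mcp-server --sse",
    " 4242 ?  S  0:00 node server.js --personal-access-token pt-0123456789abcdef",
    "curl -s http://localhost:3000/sse",
]

if __name__ == "__main__":
    for n, line in scan_for_exposed_tokens(SAMPLE_LINES):
        print(f"line {n}: {line}")
    print(load_token({"DEVOPS_TOKEN": "pt-0123456789abcdef"}, ["devops-mcp-server", "--sse"]))
```

Run the scanner over ~/.bash_history or the output of `ps -eo args` to find out whether a token has already leaked; any hit means the token should be revoked and reissued, because redacting the log afterwards does not undo the exposure. Line 4 of the sample shows that the `VAR=value cmd` prefix form avoids argv but is still recorded in history.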

Missing User Warnings (Medium, 95% confidence)

The SSE setup exposes a token-backed service over plain HTTP at localhost:3000 without any warning that transport must be protected when accessed beyond a strictly local boundary. Because this skill manages sensitive DevOps operations, using unencrypted transport in remote, shared, tunneled, or proxied scenarios could expose tokens, tool inputs, and operational data to interception or unauthorized access.

Missing User Warnings (Medium, 89% confidence)

This catalog enumerates branch, file, and change-request operations including create, update, and delete actions, but provides no safety guidance about their state-changing effects. In a DevOps skill, that omission can cause an agent or user to invoke destructive repository actions without realizing they modify live source control data, leading to unintended code loss or workflow disruption.

Missing User Warnings (Medium, 93% confidence)

The listed tools can trigger real pipeline runs, execute jobs, perform deployments, skip or retry release stages, and approve validations, yet the document does not warn that these actions may affect live build and release systems. In the context of a DevOps automation skill, this increases the chance of unintended production changes, service disruption, or bypass of normal release controls.

Missing User Warnings (Medium, 91% confidence)

These tools manage global variables and variable groups that commonly store secrets, tokens, endpoints, and deployment configuration, but the catalog omits any warning about sensitive data handling. In a DevOps setting, poor guidance around these operations can lead to secret exposure, accidental overwrite of credentials, or insecure propagation of production configuration.
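The overview's confirmation and transport rules, together with the findings above on pipeline runs and deployments, repository edits, variable updates, and the SSE endpoint, can be enforced in front of the agent rather than left to documentation. The following is an added example written for this audit, not code from the skill or from Yunxiao: a small policy gate that classifies tool calls by the verb in their name, blocks state-changing calls until a human has confirmed that exact call, refuses calls that carry a credential in their arguments, and accepts plain HTTP only for a loopback SSE endpoint. Tool names such as run_pipeline and delete_branch, the argument keys, the verb list and the URLs are assumptions.

```python
"""Policy gate for an agent that drives DevOps tooling through MCP-style tool calls.

Added example for this audit, not the skill's code. Tool names, argument keys,
the verb list and the URLs are assumptions chosen to mirror the audited catalog
(pipeline runs, release stages, approvals, branch/file edits, variable updates).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Verb prefixes treated as state-changing. A tool whose name starts with one of
# these (run_pipeline, delete_branch, update_variable_group, approve_validation)
# must not execute without a per-call human confirmation.
WRITE_VERBS = re.compile(
    r"^(create|update|delete|remove|deploy|run|execute|trigger|approve|reject|"
    r"skip|retry|set|push|merge)_",
    re.IGNORECASE,
)

# Argument keys that must never carry a credential: the token belongs in the
# server's environment, not in tool inputs that get logged and echoed back.
CREDENTIAL_KEYS = ("token", "pat", "password", "secret")

LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}


@dataclass
class ToolCall:
    name: str
    args: dict
    confirmed: bool = False  # True only after a human approved this exact call


@dataclass
class Decision:
    allowed: bool
    reason: str


def classify(call: ToolCall) -> str:
    """'write' for state-changing tools, 'read' otherwise, by verb prefix."""
    return "write" if WRITE_VERBS.match(call.name) else "read"


def credential_in_args(call: ToolCall) -> list:
    """Argument keys that look like they carry a credential."""
    return [k for k in call.args if any(c in k.lower() for c in CREDENTIAL_KEYS)]


def gate(call: ToolCall) -> Decision:
    """Decide whether the agent may execute the call right now."""
    leaked = credential_in_args(call)
    if leaked:
        return Decision(False, f"credential in tool args {leaked}; use the server environment")
    if classify(call) == "read":
        return Decision(True, "read-only call")
    if not call.confirmed:
        return Decision(False, f"{call.name} changes live DevOps state; explicit confirmation required")
    return Decision(True, "state-changing call confirmed by user")


def sse_endpoint_ok(url: str, auth_required: bool) -> Decision:
    """Plain HTTP is acceptable only on loopback; anything else needs TLS and auth.

    A loopback URL reached through a tunnel or reverse proxy looks local here
    but is not; this check cannot see that, so the operator must treat it as remote.
    """
    u = urlparse(url)
    host = (u.hostname or "").lower()
    if host in LOOPBACK_HOSTS:
        return Decision(True, "loopback endpoint")
    if u.scheme != "https":
        return Decision(False, f"{url} is not loopback and is not served over TLS")
    if not auth_required:
        return Decision(False, f"{url} is served over TLS but has no access control")
    return Decision(True, "TLS with access control")


if __name__ == "__main__":
    # Constructed sample calls and URLs, not captured traffic.
    for call in (
        ToolCall("list_pipelines", {"project_id": "p1"}),
        ToolCall("run_pipeline", {"pipeline_id": "42"}),
        ToolCall("run_pipeline", {"pipeline_id": "42"}, confirmed=True),
        ToolCall("delete_branch", {"repo": "r1", "branch": "release"}),
        ToolCall("update_variable_group", {"group_id": "g1", "values": {"DB_HOST": "db.internal"}}),
        ToolCall("list_repositories", {"token": "pt-example"}),
    ):
        d = gate(call)
        verdict = "ALLOW" if d.allowed else "DENY"
        print(f"{call.name:22} {verdict:5} {d.reason}")
    for url in ("http://localhost:3000/sse", "http://0.0.0.0:3000/sse",
                "https://ci.internal.example/sse"):
        d = sse_endpoint_ok(url, auth_required=False)
        verdict = "OK" if d.allowed else "NO"
        print(f"{url:34} {verdict} {d.reason}")
```

The verb list is deliberately conservative: a tool that changes state under an unlisted verb passes as read-only, so check the list against the actual tool catalog before relying on it. The transport check sees only the URL, so a loopback address reached through an SSH tunnel or reverse proxy has to be treated as remote by the operator.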

VirusTotal

62/62 vendors flagged this skill as clean.