Back to skill

Security audit

Alibabacloud Dms Data Agent Platform Setup

Security checks across malware telemetry and agentic risk

Overview

This skill coherently provisions Alibaba Cloud DMS/Dify resources, but users should handle credentials carefully before running it.

Install only if you intend to provision Dify on Alibaba Cloud DMS. Use a dedicated least-privilege RAM role, run with DryRun=true first, review expected costs, and avoid placing real passwords directly in reusable shell history or shared-terminal logs; prefer a secure wrapper or temporary protected input for secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
This is a mismatch because the declared description is limited to provisioning/deploying/setting up a new Dify instance, but the code also implements detection/listing of existing Dify instances using the ListDifyInstances OpenAPI action. The creation path itself is consistent with the description, including parameter validation and calling CreateDifyInstance, and it does use Alibaba Cloud DMS as stated. However, the extra capability to enumerate existing instances is not mentioned in the description, so under the criteria, this hidden behavior should be flagged.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs users to place plaintext passwords directly in a shell command argument inside a JSON payload. Command-line arguments are often exposed through shell history, process listings, audit logs, terminal scrollback, and orchestration telemetry, which can leak database and service credentials to other local users or logging systems.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.