Back to skill

Security audit

Alibabacloud Dms Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud DMS SQL helper, but it can read or change databases using the user's configured cloud identity.

Install only if you intend to let an agent use Alibaba Cloud DMS through your Aliyun CLI profile. Use a dedicated low-privilege RAM user or temporary credentials, prefer read-only permissions where possible, confirm the database ID and full SQL before execution, use --dry-run before writes, and review the CLI auto-plugin-install setting after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "execute SQL" is ambiguous and lacks any platform, database, or safety qualifier. Because this skill supports database lookup plus SQL execution and data modification, such a generic trigger could capture unrelated requests and route them into a privileged workflow that can alter production data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "execute SQL" is ambiguous and lacks any platform, database, or safety qualifier. Because this skill supports database lookup plus SQL execution and data modification, such a generic trigger could capture unrelated requests and route them into a privileged workflow that can alter production data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide demonstrates passing access key material directly on the command line and nearby recommends debug logging, but it does not warn that secrets can be exposed through shell history, process listings, CI logs, screenshots, or copied commands. In an agent or automation context, this increases the chance of long-lived Alibaba Cloud credentials being unintentionally disclosed and reused for unauthorized cloud access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly states that ExecuteScript supports SELECT, DML, and DDL statements, but it provides no guardrails, warnings, or restrictions around destructive operations. In a skill whose purpose includes executing SQL and modifying data, this omission can normalize unsafe use and increase the likelihood of accidental or unauthorized deletes, updates, schema changes, or other damaging actions against production databases.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.