Back to skill

Security audit

Alibabacloud Dts Task Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud DTS management helper, but users should treat it as high-impact because it can create, start, suspend, and delete cloud data-migration jobs.

Install/use this only if you want an agent to manage Alibaba Cloud DTS through the local aliyun CLI. Use a least-privilege RAM role, review every region/source/destination/job summary before approving creation or start actions, and avoid giving production database passwords or private-key files unless needed for the migration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill is configured to auto-trigger on very generic terms such as "migration", "create", "new", and status-related phrases, which can match ordinary conversation unrelated to Alibaba Cloud DTS. In a skill that can create, suspend, start, or delete cloud data-transfer jobs, unintended activation increases the chance of the agent entering an operational workflow or prompting for sensitive infrastructure details when the user did not intend to invoke this skill.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Using broad environment-setup triggers like "setup", "configure", and "init" is unsafe because these words commonly appear in unrelated technical conversations. Since this skill performs authentication checks and cloud-management preparation, accidental invocation could steer the conversation into credential/configuration handling or operational actions in the wrong context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to collect highly sensitive secrets including database usernames, passwords, and TLS certificate/private key contents, and to read certificate files into command parameters. Even though it says not to display them, there is no explicit minimization, consent, storage/retention warning, or safer handling pattern, so the workflow normalizes secret exfiltration into the agent context and increases the chance of leakage through logs, transcripts, shell history, error output, or downstream tooling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill walks through creating, configuring, and starting DTS jobs that can modify live systems, move data, and incur ongoing cloud charges, but it does not require a prominent risk/charge warning or an explicit final confirmation acknowledging those effects. In context, this is more dangerous because DTS operations are operationally significant: they can replicate sensitive data to new destinations, affect production systems, and create billable resources if triggered too casually or by misunderstood prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.