Back to skill

Security audit

Alibabacloud Elasticsearch Network Manage

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Alibaba Cloud Elasticsearch administration skill, but it can make sensitive network and authentication changes with insufficient guardrails.

Install only if you intentionally want an agent to help administer Alibaba Cloud Elasticsearch network/security settings. Use a dedicated least-privilege RAM user or role scoped to the exact instance, prefer temporary credentials, review every command body before execution, and require explicit human approval before opening public access, replacing allowlists, disabling HTTPS, disabling SSO, or changing persistent Aliyun CLI/plugin settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
98% confidence
Finding
The trigger list includes the generic term "https", which is a common everyday/security-related word and can cause the skill to activate in unrelated conversations. Because this skill performs sensitive network and access-control changes, accidental invocation increases the risk of unintended exposure or configuration changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description advertises operations that can open public access, change white IP lists, disable HTTPS, and alter SSO, but it does not prominently warn about service exposure, lockout, or security downgrade risks. In this context, missing upfront warnings makes dangerous actions easier to initiate without users appreciating the consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide shows users placing long-lived access keys and secrets directly on the command line and in environment variables without warning that these values may be exposed through shell history, process listings, CI logs, or persisted environment state. In an automation-focused skill, this increases the chance that operators copy unsafe patterns into production workflows and unintentionally leak credentials.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document recommends broad RAM policies for security-sensitive network operations such as disabling HTTPS, modifying IP whitelists, and changing Kibana SSO settings, including examples with Resource set to "*". In a skill specifically designed to manage Elasticsearch network access, omitting least-privilege guidance and security warnings increases the chance that operators overgrant permissions and make unsafe changes that weaken instance access controls.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document describes high-impact operations that can enable/disable public or private network access, overwrite whitelist entries, and disable HTTPS, but it does not consistently require explicit user confirmation, impact warnings, or rollback guidance before those actions are taken. In an agent skill context, documentation often drives agent behavior, so omission of safety gates can lead to accidental lockout, unintended exposure, or service disruption.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation provides a ready-to-run whitelist modification workflow that changes network access controls but does not warn that expanding or replacing white IP groups can expose the Elasticsearch instance to unintended networks or lock out legitimate access. In a network-management skill, operators are likely to copy these commands directly, so omission of security cautions materially increases the chance of insecure configuration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The CloseHttps section instructs users how to disable HTTPS without warning that doing so downgrades transport security and may expose credentials, session data, and management traffic to interception or tampering. Because this skill manages network settings for a production service, normalizing insecure transport is more dangerous than in generic reference material.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.