Back to skill

Security audit

Alibabacloud Emas Apm Remotelog

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Alibaba Cloud EMAS remote-log helper with sensitive but purpose-aligned cloud log access and no evidence of hidden exfiltration or destructive behavior.

Install only if you administer the relevant Alibaba Cloud EMAS app and are authorized to retrieve device logs. Use a least-privilege RAM policy, avoid entering long-lived access keys in chat or shell history, prefer short-lived credentials where possible, inspect installer scripts before running them in sensitive environments, and keep log queries limited by device, time window, and keyword.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The guide goes far beyond EMAS APM remote-log usage and teaches broad Alibaba Cloud CLI installation, authentication, profile management, plugin installation, and general service operations. In an agent skill, this scope expansion increases the chance the skill is used to configure persistent cloud credentials and invoke unrelated services, creating unnecessary attack surface and privilege exposure.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The section explicitly encourages installing arbitrary Alibaba Cloud product plugins such as ecs, vpc, and rds, which are unrelated to EMAS APM remote logging. In a skill intended for a narrow operational purpose, prompting broader plugin installation normalizes capability creep and may enable an agent or user to access additional cloud surfaces unnecessarily.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples place access keys and secrets directly on the command line without warning that shell history, audit logs, job runners, and process inspection can expose them. In agent-driven or CI contexts this is especially risky because command invocations are often logged centrally and retained.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The environment variable examples export cloud credentials but do not warn that child processes inherit them and that CI logs, debugging output, crash dumps, and diagnostic tools may disclose them. This is particularly relevant for agent skills because subprocess-heavy workflows and verbose logging are common.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document provides concrete commands for enumerating devices, creating remote log collection tasks, and searching mobile app logs that may contain sensitive user, device, or application data, but it does not warn about authorization, least-privilege use, or handling of personal data. In a skill specifically meant for remote log retrieval, this omission increases the chance of misuse or accidental over-collection by legitimate operators.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
tar -xzf aliyun-cli-macosx-latest-amd64.tgz

# Move to PATH
sudo mv aliyun /usr/local/bin/

# Verify
aliyun version
Confidence
86% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Extract and install
tar -xzf aliyun-cli-linux-latest-amd64.tgz
sudo mv aliyun /usr/local/bin/

# Verify
aliyun version
Confidence
86% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Extract and install
tar -xzf aliyun-cli-linux-latest-amd64.tgz
sudo mv aliyun /usr/local/bin/

# Verify
aliyun version
Confidence
86% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.