Security audit

Alibabacloud Kafka Capacity Assessment

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a read-only Kafka capacity checker, but its bundled CLI guide gives broad Alibaba Cloud credential and administration instructions that go beyond the stated task.

Install only if you are comfortable with Alibaba Cloud CLI access. Use a dedicated RAM user granted only alikafka:GetInstanceList and cms:DescribeMetricList. Do not copy the guide's command-line secret examples, do not grant ECS or full-access policies for this skill, and configure credentials outside the agent session using your organization's approved secret-handling process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
This file is a broad Aliyun CLI installation and credential-management guide, which materially exceeds a Kafka capacity assessment skill’s stated purpose. In an agent skill context, unnecessary cloud-administration guidance expands the reachable capability surface and can steer users or downstream automation into installing tools and configuring long-lived credentials unrelated to the declared task.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The sections on multiple profiles, generic ECS commands, and credential-priority behavior introduce general cloud-administration capabilities not justified by Kafka capacity troubleshooting. In practice, this broadens the skill from diagnostic assistance into operational account management, increasing the chance of misuse, over-privileged access, or unintended actions outside Kafka assessment.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The guide shows non-interactive commands that place access keys and secrets directly on the command line, which can leak via shell history, process listings, terminal recording, or CI logs. Because the file is instructional, users may copy-paste these examples verbatim, resulting in credential exposure and potential account compromise.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
Recommending environment variables for credentials in automation without caveats can normalize insecure handling of secrets. Environment variables are often inherited by subprocesses and may be exposed through debug output, crash reports, CI metadata, or misconfigured logging, creating a realistic path to credential disclosure.

VirusTotal

VirusTotal findings are pending for this skill version.