Back to skill

Security audit

Alibabacloud Mse Nacos Inspection

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud Nacos read-only inspection helper, with credential setup documentation users should handle carefully.

Install this only if you intend to let an agent run Aliyun CLI read-only inspection commands against your Alibaba Cloud account. Use a least-privilege RAM profile, prefer temporary credentials or role-based access, do not paste real access keys into chat or shared logs, and review the generated Markdown report before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Low
Confidence
79% confidence
Finding
The skill instructs the agent to generate a local `.md` report file without making the file write prominent at the point of action or requiring explicit user consent. Silent local file creation is a state-changing side effect that can surprise users, leak potentially sensitive inventory/usage data onto disk, or violate expectations in otherwise read-only inspection workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to pass long-lived access keys directly on the command line and via environment variables, but does not warn that these secrets can leak through shell history, process inspection, terminal recording, CI logs, or support screenshots. In an agent or automation context, this normalizes unsafe secret handling and increases the chance of credential exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document displays `~/.aliyun/config.json` containing access key material without an immediate, prominent warning that the file is sensitive and must be protected. Readers may copy this pattern into real environments and leave plaintext cloud credentials stored locally without adequate filesystem protections or awareness of backup/sync exposure.

Ssd 3

Medium
Confidence
86% confidence
Finding
The examples include realistic-looking access key IDs, secrets, and token material in plaintext command and JSON snippets, which normalizes the practice of exposing secrets directly in documentation and copied terminal commands. Even if illustrative, this can train users to paste real credentials into unsafe places and may cause scanners or operators to mishandle actual secrets similarly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.generated_source_template_injection

User-controlled placeholder is embedded directly into generated source code.

Critical
Code
suspicious.generated_source_template_injection
Location
SKILL.md:218