Security audit

Alibabacloud Nas Mount Diagnosis

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent Alibaba Cloud NAS troubleshooting guide, but it includes under-scoped remediation steps that can weaken Windows SMB security or make persistent system changes.

Review this skill before installing if it may be used on production Windows or Linux hosts. Prefer the read-only aliyun API diagnosis paths, inspect any downloaded diagnostic script before running it, and do not apply SMB guest-auth/signing or persistent boot-service changes unless you understand the security impact and have a rollback plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Rogue Agent: Self-Modification, Session Persistence
Findings (11)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding: The skill instructs users to download and execute a remote Python script from an external URL on their systems. Even if hosted by the vendor, this creates a remote code execution path outside the skill's declared read-only API diagnostics and exposes users to supply-chain compromise, script tampering, or unexpected local actions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The Windows troubleshooting flow tells users to fetch and run an external PowerShell script, which is executable code delivered over the network to the user's machine. This exceeds pure diagnosis and can lead to code execution risks, especially if the remote artifact changes, is compromised, or runs with elevated privileges.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The documentation explicitly instructs users to download and run a remote PowerShell script from the internet. Even if the script is vendor-hosted, this is code execution guidance in a troubleshooting reference without integrity verification, code review guidance, or a warning that the command executes untrusted remote content on the user's system.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The document instructs users to download a Python script from the network and execute it directly with no integrity verification, provenance warning, signature/hash check, or recommendation to inspect the code first. This creates a supply-chain execution risk: if the hosted file is modified, replaced, or intercepted, users may run arbitrary code during troubleshooting, often with elevated privileges or on production systems.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The auto-check section normalizes downloading and executing a PowerShell script without any warning about network retrieval, trust boundaries, or execution risk. In a support skill, users are likely to copy-paste commands verbatim, which increases the chance of unsafe execution if the remote file is changed, compromised, or intercepted through another upstream weakness.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The guidance tells users to enable AllowInsecureGuestAuth and potentially relax related SMB client protections with no warning about the consequences. This weakens SMB authentication posture and can expose systems to unauthorized access, downgrade scenarios, or unsafe connections to servers that do not properly authenticate clients.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The instructions recommend disabling mandatory SMB signing to resolve a connectivity issue but omit that signing protects integrity and helps prevent tampering and man-in-the-middle attacks. Removing this control can materially reduce transport security, especially on untrusted or shared networks.

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content (excerpt from the skill's code):
        cmd.extend([f"--{k}", str(v)])

    try:
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
        if result.returncode != 0:
            return None, result.stderr.strip()
        return json.loads(result.stdout), None
Confidence: 95%
Finding: subprocess.run(cmd, capture_output

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (excerpt from the skill's troubleshooting table):
| Windows system error 1272 | Guest access blocked by security policy | Set registry `AllowInsecureGuestAuth` to 1 |
| Windows system error 3227320323 | Digital signing policy conflict | Disable "Microsoft network client: Digitally sign communications (always)" policy |
| Windows system error 1312 | PowerShell mount username error | Enter correct workgroup name and username |
| Auto-mount failure on boot (CentOS 7) | remote-fs.target not enabled | `systemctl enable remote-fs.target` |
| Windows NFS network error 1222 | NFS client not installed | Install NFS client |

## Important Notes
Confidence: 78%
Finding: systemctl enable

Cloud Metadata Access

Severity: High
Category: Server-Side Request Forgery
Content (excerpt from the skill's documentation):
- Alibaba Cloud network connectivity detection (on-demand Ping probes)
- ICMP PMTUD error messages (Path MTU Discovery)
- SLB load balancer forwarding traffic (controlled by SLB's security group/ACL)
- MetaServer access (100.100.100.200, instance metadata service)

### Step 5: Output Diagnosis Report
Confidence: 85%
Finding: 100.100.100.200

Direct Prompt Extraction

Severity: High
Category: System Prompt Leakage
Content (excerpt from the skill's code):
        "access_group": access_group_name,
        "rules": rules_info,
    }
    return rules, result


def check_ecs_instance(instance_id, region):
Confidence: 85%
Finding: return rules

VirusTotal

65/65 vendors flagged this skill as clean.
