Back to skill

Security audit

Alibabacloud Nginx Ingress To Api Gateway

Security checks across malware telemetry and agentic risk

Overview

This is a coherent offline Kubernetes migration helper, but users should review its generated deployment and rollback commands before running them.

Use this skill for offline migration assistance, but do not let an agent run kubectl, docker push/login, or registry operations automatically. Review generated YAML and WasmPlugin code, pin dependencies where practical, confirm your Kubernetes context and namespace, and test with dry-run or staging before applying or deleting live Ingress resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document gives contradictory migration rules: it first states that every unsupported annotation must be replaced with a WasmPlugin, but later says `service-upstream` should be stripped with no replacement. In a migration skill, inconsistent security-relevant guidance can cause the agent to generate incorrect manifests or unnecessary plugins, leading to altered routing behavior and unsafe assumptions during production cutover.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The document instructs the agent/user to auto-detect region via `kubectl get nodes`, which requires live cluster access and conflicts with the stated skill boundary that analysis needs only pasted files and no cluster access. In an agent setting, this can cause unintended environment interaction, over-privileged execution, or leakage of infrastructure metadata when the user expected offline manifest analysis only.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The file instructs users to strip and replace ingress annotations but does not clearly warn that these changes can materially alter authentication, TLS, rate limiting, routing, and other live traffic controls. In this skill's context, the output is intended to drive Kubernetes/APIG migration, so under-emphasizing operational and security risk increases the chance of deploying weakened or behaviorally different gateway policies.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The rollback section instructs users to run `kubectl delete ingress -l migration.higress.io/source=nginx`, which is a destructive action that can immediately remove routing resources and disrupt live traffic if run in the wrong cluster, namespace, or before DNS is restored. In a deployment guide, destructive commands are not inherently malicious, but presenting them without an explicit warning, scope clarification, or safety checks increases the chance of operator error during a high-risk migration event.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.