Back to skill

Security audit

Alibabacloud Odps Project Manage

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches Alibaba Cloud MaxCompute project management, but its references and setup steps expose broader and riskier actions than the main description promises.

Review before installing. Use least-privilege or temporary Alibaba Cloud credentials, avoid running delete-project from the reference docs, and prefer a verified package-manager or signed installer path instead of piping a remote script to bash. Check whether auto-plugin-install remains enabled after use, and require explicit approval before creating resources that may incur cost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The related API table includes `DeleteProject`, a destructive capability that is outside the skill's declared scope of create, query, and list operations. In an agent setting, documenting undeclared destructive actions can enable unintended tool use, confusing users and reviewers about the actual privilege boundary and increasing the chance of irreversible resource deletion.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
A dedicated section provides full instructions for an irreversible `DeleteProject` operation even though the skill metadata claims only create, query, and list functionality. This materially expands the apparent operational scope and could cause an agent or operator to invoke project deletion without expecting that the skill supports destructive actions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The verification document introduces a destructive `delete-project` operation that is outside the skill's stated scope of creating, querying, and listing projects. In an agent setting, verification steps are often reused or automated, so including an irreversible deletion path can cause unintended resource destruction, especially if a caller or orchestrator assumes all documented commands are safe and in-scope.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to install/update the CLI by piping a remotely fetched script directly into bash. This creates a code-execution path where a compromised CDN, MITM, or altered installer script would run immediately on the local machine with the user's privileges, and the skill provides no integrity verification or safety warning.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill provides a workflow to create MaxCompute projects, which changes cloud resources and may incur charges, but it does not prominently warn the user before performing the operation. In agent-driven contexts, missing confirmation and cost-impact disclosure can cause unintended resource creation and financial or governance impact.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The installation section repeats unsafe remote-script execution instructions and normalizes running them as mandatory setup. Repetition increases the chance an agent or user will execute the command without scrutiny, leading to arbitrary code execution on the host if the remote script is malicious or tampered with.

External Script Fetching

High
Category
Supply Chain
Content
**Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify >= 3.3.3. If not installed or version too low,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to update,
> or see `references/cli-installation-guide.md` for installation instructions.
>
> Then [MUST] run `aliyun plugin update` to ensure that any existing plugins on your local machine are always up-to-date.
Confidence
99% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
**Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify >= 3.3.3. If not installed or version too low,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to update,
> or see `references/cli-installation-guide.md` for installation instructions.

**Pre-check: Aliyun CLI plugin update required**
Confidence
99% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Install/Update Alibaba Cloud CLI
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

# Verify version (must be >= 3.3.3)
aliyun version
Confidence
99% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Install/Update Alibaba Cloud CLI
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash

# Verify version (must be >= 3.3.3)
aliyun version
Confidence
97% confidence
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.