Back to skill

Security audit

Alibabacloud Oos Chatops Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Alibaba Cloud operations, but it can affect live cloud infrastructure and does not clearly require confirmation before state-changing actions.

Review this before installing if the agent has access to production Alibaba Cloud credentials. Use least-privilege RAM roles, limit OOS service-role permissions, avoid broad automatic invocation, and require human confirmation before stop, restart, scale, batch, billing, or other sensitive operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly relies on environment-based and profile-based Alibaba Cloud credentials, but no declared permissions boundary is provided for that access. In a skill that can perform cloud operations such as start/stop/restart and batch O&M, undeclared credential and environment access reduces transparency and can enable broader cloud actions than reviewers or users expect.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains broad terms such as 'ECS', 'RDS', '运维', '帮我操作', and 'resource management', which are likely to appear in normal conversation. Because this skill can initiate real cloud-management actions, unintended invocation could route benign user requests into an operational tool capable of affecting live infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.