Back to skill

Security audit

Alibabacloud Pai Dlc Job

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud job-management guide that uses Alibaba Cloud CLI credentials and permissions, with some sensitive but mostly disclosed operations users should scope carefully.

Install this only if you intend to let the agent operate Alibaba Cloud PAI-DLC jobs through your configured Aliyun CLI profile. Use a dedicated RAM user or role with the narrowest needed permissions, avoid root or broad administrator credentials, and review before allowing stop-job, web-terminal URL generation, sharing-token generation, plugin installation, or persistent CLI configuration changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The reference guide goes far beyond PAI-DLC job management and teaches broad Aliyun CLI installation, authentication, profile management, ECS usage, RAM role assumption, custom endpoints, and general account operations. In an agent skill scoped to DLC job CRUD and monitoring, this expands the available operational surface and can normalize collection and use of powerful account credentials that are unnecessary for the skill’s stated purpose.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documentation exposes operational guidance for `get-web-terminal` and `get-token` even though those capabilities are not declared in the stated triggers/scope. This creates a scope mismatch: an agent may still discover and invoke sensitive read-access features that were not intended to be available, increasing the risk of unauthorized terminal/session access paths or token generation for log and metric sharing.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The verification guide expands the skill's operational scope from PAI-DLC job management into AIWorkSpace resource discovery, including enumeration of workspaces, images, datasets, and code sources. That creates an authority and data-surface mismatch: an agent following this document may perform broader discovery than users expect from the declared skill, exposing metadata and enabling unintended resource selection or follow-on actions outside the advertised boundary.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Documenting `aliyun plugin install --names aliyun-cli-aiworkspace` introduces package/plugin installation behavior that is unrelated to core DLC job CRUD and monitoring. In an agent context, allowing installation of new tooling expands execution capability, changes the runtime environment, and can be abused to bypass the original skill boundary or pull in unreviewed functionality.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.