Back to skill

Security audit

Alibabacloud Pai Dsw Manage

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for managing Alibaba Cloud PAI DSW instances, with expected cloud-account setup and cost-impacting actions that require careful user confirmation.

Install only if you want an agent to help manage Alibaba Cloud PAI DSW resources. Use a least-privilege RAM user or temporary credentials, do not paste access keys into chat or command lines, review Aliyun CLI/plugin setup before running it, and explicitly confirm region, instance ID, cost impact, and active work before create/update/start/stop operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The guide expands beyond the stated PAI DSW management purpose by recommending installation and exploration of arbitrary Alibaba Cloud product plugins such as ECS, VPC, RDS, and FC. In an agent-skill context, this broadens the operational surface area and can enable actions outside the expected scope, increasing the chance of over-privileged use or accidental misuse of unrelated cloud services.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The documentation includes broad credentialing guidance and ECS-wide operations that are not clearly tied to managing PAI DSW instances. For a narrowly scoped skill, encouraging generic cloud authentication and wide ECS access can normalize excessive permissions and make credential misuse or lateral access to other resources more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide shows users passing access keys and secrets directly on the command line and storing them in local configuration without prominently warning that these values are highly sensitive. In practice, such secrets may be exposed through shell history, process listings, CI logs, terminal recording, or plaintext files, leading to cloud account compromise.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The documentation presents state-changing operations like create, update, start, and stop without prominently warning that they can interrupt workloads, change billing, or alter running environments. In an agent skill context, this omission can cause the agent to execute destructive or cost-incurring actions without sufficiently explicit user confirmation or awareness of operational consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.