Back to skill

Security audit

Alibabacloud Pai Node Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud PAI node-management guide with strong confirmation gates for mutating actions, though users should grant only tightly scoped cloud permissions.

Install only if you intend to manage Alibaba Cloud PAI nodes from Codex. Use least-privilege RAM policies scoped to the specific resource groups or quotas you manage, verify Aliyun CLI/plugin provenance, and treat cordon/uncordon/drain as real operational changes that should require the displayed CONFIRM-NODE-OP token before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill contains contradictory control-flow rules around `--cli-dry-run`: one section says dry-run is absolutely forbidden before confirmation, while a later section explicitly allows a pre-token dry-run preview. In a destructive maintenance workflow, contradictory authorization semantics are dangerous because an agent may choose the permissive branch, weakening the intended two-step confirmation barrier and enabling premature action preparation or execution-adjacent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.generated_source_template_injection

User-controlled placeholder is embedded directly into generated source code.

Critical
Code
suspicious.generated_source_template_injection
Location
references/verification-method.md:47