Security audit

Alibabacloud Pts Pilot

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a cloud-performance-testing router, but it can silently choose a cloud region and delegate state-changing operations without clear user confirmation.

Review this skill before installing if you use Alibaba Cloud PTS across multiple regions or production-like environments. Only use it where cn-shanghai is an acceptable default, and explicitly provide RegionId and resource identifiers in requests to reduce the chance of actions running against the wrong environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding:
Silently forcing `RegionId=cn-shanghai` can cause actions or report queries to be performed against the wrong cloud region without the user's informed consent. In an operations context, that can lead to unintended creation, start/stop, deletion, or disclosure of test assets in the wrong environment, especially because the downstream sub-skill may execute state-changing actions.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding:
The repeated instruction to silently default `RegionId` and avoid asking the user increases the chance of unintended delegation to the wrong environment as a systematic behavior, not a one-off documentation issue. Because this router feeds execution-oriented sub-skills, the context makes silent region selection more dangerous than in a purely informational skill.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill's routing instructions):
- **Mixed intent** — "Create scenario and start immediately"
  → Route to `alibabacloud-pts-task` with `intent=create`, ask it to chain `start` after success. Pass both in one handoff.
- **Region missing** — "Start scene-abc"
  → Default to `cn-shanghai`, never ask the user, delegate directly.
- **SceneId format uncertain** — user supplies an ID without confirming source
  → Do NOT validate format in router; delegate as-is, sub-skill will surface any error.
Confidence: 89%
Finding: flagged instruction "never ask the user"

VirusTotal

63/63 vendors flagged this skill as clean.