Back to skill

Security audit

Alibabacloud Security Health Check

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Alibaba Cloud security health-check tool that reads customer-provided or locally collected configuration data and writes local reports, with some installation and credential-use cautions.

Install this only if you are comfortable with it running local scoring scripts, optionally installing the listed Python packages, and using Alibaba Cloud CLI credentials for read-only collection. Use a dedicated read-only RAM sub-account, review the generated JSON before sharing it, and avoid running the collector scripts with broad production admin credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill directs the agent to read customer JSON files, write reports, and execute shell commands, but no explicit permissions are declared. That mismatch weakens policy enforcement and increases the chance an orchestrator will allow broader actions than reviewers expect, especially when combined with later execution instructions.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to automatically run `pip install` without user approval, which mutates the runtime environment and pulls code from external package sources. This creates supply-chain and reproducibility risks, and can bypass normal approval boundaries for environment-changing actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script validates Alibaba Cloud credentials and then invokes product-specific collection scripts that will query cloud security services and generate JSON outputs, but it does not present an explicit consent notice describing what account data will be accessed, what artifacts will be produced, or whether the results are meant to be shared externally. In a security-audit skill, this creates a real risk of operators running credentialed collection with incomplete awareness, which can lead to unintended exposure of sensitive configuration and account metadata even if there is no obvious exfiltration in this file.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.