
Security audit

Alibabacloud Sls Index Config Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud SLS index-management skill, but its update and delete commands can affect production log search behavior.

Install this only if you intend to let an agent manage SLS Logstore indexes. Use a least-privilege RAM role, start with read-only GetIndex when possible, review the complete JSON before any update, keep a backup of the current index, and require explicit confirmation before delete-index.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding
The reference gives direct create, update, and delete guidance for SLS indexes but does not clearly warn that update replaces the entire index configuration and delete/remove operations can immediately change query behavior, disable field searchability, and affect analytics for newly ingested logs. In this skill context, the risk is elevated because users may execute CLI commands against production Logstores, so omission of an explicit impact warning can lead to accidental service disruption or loss of expected search/SQL access rather than a code-execution issue.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The guidance hard-codes a default of `chn: false` for Chinese indexing unless the user explicitly requests Chinese keyword search. In a multilingual log-analysis skill, this can silently degrade searchability and analysis accuracy for Chinese-language content, causing optimized configs that do not meet user needs and potentially leading to missed detections or operational blind spots.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.