Back to skill

Security audit

Alibabacloud Solution Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Alibaba Cloud deployment helper, but it deserves Review because it can create or delete cloud resources and sends full failed commands and errors to a remote diagnostic API without clear consent or redaction.

Install only if you intend to let an agent operate Alibaba Cloud resources. Use a dedicated least-privilege RAM user or role, review every plan before apply or destroy, avoid pasting real secrets into commands or chat transcripts, and redact commands and error output before using the remote diagnostic helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to pass Access Key material directly on the command line and via environment variables, but does not warn that command-line arguments can be captured in shell history, CI logs, terminal recordings, or process listings. In an agent-driven deployment skill, this is more dangerous because users may copy-paste secrets into automated workflows where logging and audit systems persist them.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Recommending debug logging for authenticated API calls without a sensitivity warning can cause request metadata, headers, signed requests, or other credential-adjacent details to be written to terminals, files, or CI logs. In a deployment automation context, debug logs are especially likely to be centralized and retained, increasing the blast radius of any accidental disclosure.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The keyword table contains several very broad triggers such as “博客”, “微信”, and “定时任务” that are common in ordinary conversation and can cause the skill to activate for requests that are only loosely related to Alibaba Cloud solution deployment. In this skill’s context, incorrect activation can steer users into deployment flows or recommendations they did not intend, creating scope confusion and increasing the chance of unsafe or irrelevant infrastructure actions.

Vague Triggers

High
Confidence
97% confidence
Finding
The rule “Partial match OK” explicitly authorizes fuzzy activation even when the user description only partially overlaps a solution domain, which makes the skill boundary unclear and prone to over-triggering. For a deployment-oriented skill, this is dangerous because ambiguous user requests may be mapped to concrete cloud solution templates or CLI guidance without sufficient evidence that the user intended that action.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quick-apply workflow explicitly demonstrates creating or updating cloud infrastructure without an intervening confirmation step, even though elsewhere the guide says to wait for user confirmation after reviewing a plan. In an agent skill that may autonomously execute deployment steps, this increases the risk of unintended resource creation, cost incurrence, and deployment of unsafe or incorrect configurations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the full CLI command and error text to a remote Alibaba Cloud API, which can expose sensitive operational details such as resource identifiers, account context, regions, and possibly secrets embedded in commands or error output. Although the response is sanitized before printing, there is no equivalent sanitization, minimization, or user disclosure before transmission, so sensitive data may already have left the local environment.

Ssd 3

Medium
Confidence
88% confidence
Finding
The document includes hardcoded-looking access key examples and a sample config containing plaintext credential fields, which can normalize unsafe secret handling and lead users to paste real secrets into files or screenshots. Although the values appear illustrative, the presentation is risky in an instructional skill focused on real cloud deployment where users are likely to imitate examples directly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.