Back to skill

Security audit

Alibabacloud Tair Ai Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud Tair diagnostics skill, but it uses your aliyun credentials and sends diagnostic prompts to Alibaba Cloud services.

Install only if you intend to use Alibaba Cloud DAS/YaoChi with your aliyun CLI account. Prefer a dedicated low-privilege RAM profile, avoid pasting secrets or customer data into prompts, review installer commands before running them, and revert persistent aliyun CLI settings after use if you do not want them to remain enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly instructs execution of shell commands and installation steps, but it does not declare corresponding permissions or capabilities. This creates a trust and enforcement gap: a host system or reviewer may underestimate what the skill can do, including running local commands that affect credentials, plugins, and system state.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The verification instructions direct users to inspect local Alibaba Cloud CLI authentication state and perform authenticated API calls against Alibaba Cloud without any explicit warning that account configuration details may be exposed or that real credentials and account data will be transmitted to a cloud service. In a skill-verification context, this can normalize running commands that disclose sensitive environment/account metadata in logs, screenshots, or shared troubleshooting output, and can trigger unintended access to production resources.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the user's natural-language query, selected profile context, and account-authenticated request metadata to an Alibaba Cloud remote API, but it does not provide an explicit privacy warning or confirmation before transmission. In a cloud-admin skill, users may paste sensitive operational details, resource IDs, or incident data, so silent off-host transmission increases data exposure risk and may violate user expectations or internal handling policies.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script prints the full query to stderr unconditionally and, in debug mode, logs the expanded CLI arguments, which can expose sensitive prompts, instance identifiers, or operational details in terminal logs, CI logs, shell history captures, or orchestrator stderr collection. Because this skill is intended for infrastructure troubleshooting, the likelihood of users entering confidential environment data is elevated.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Install aliyun CLI
curl -fsSL https://aliyuncli.alicdn.com/install.sh | bash
aliyun version  # Verify >= 3.3.1

# Enable automatic plugin installation
Confidence
98% confidence
Finding
curl -fsSL https://aliyuncli.alicdn.com/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Install aliyun CLI
curl -fsSL https://aliyuncli.alicdn.com/install.sh | bash
aliyun version  # Verify >= 3.3.1

# Enable automatic plugin installation
Confidence
97% confidence
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.