Cloud Infra Automation Hardened

Security checks across malware telemetry and agentic risk

Overview

This cloud automation skill can affect production infrastructure, but its behavior is disclosed, purpose-aligned, and guarded rather than hidden or automatic.

Install only if you intend to let an agent help with cloud infrastructure. Before any apply or destroy action, verify the target account, project, subscription, and environment, review the plan, use least-privilege credentials, and inspect any local `./cloud.sh` script because it was not included in the reviewed artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill’s invocation scope is very broad for a high-impact domain: cloud infrastructure provisioning and management. Without clearer trigger constraints, an agent could apply the skill in ambiguous contexts and perform sensitive infrastructure actions more readily than intended, increasing the chance of unauthorized changes or destructive operations.

Missing User Warnings

High
Confidence: 97%
Finding
The quick-start section prominently includes a destructive command (`./cloud.sh destroy prod`) without an inline warning, confirmation requirement, or safety note. Even though later guardrails mention confirmation for destructive operations, the example normalizes deletion in a copy-pasteable workflow and may lead users or agents to execute production-destroying commands without appreciating the risk.

VirusTotal

66/66 vendors flagged this skill as clean.
