Pywayne Aliyun Oss

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Aliyun OSS file-management guide, but users should scope credentials and confirm delete operations.

Install only if you intend to manage Aliyun OSS buckets. Use least-privilege credentials limited to the intended bucket and operations, verify the external pywayne package before relying on it, and require list-before-delete plus explicit confirmation for delete, move, or prefix-based bulk actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill documents delete operations but does not warn that they are irreversible or encourage confirmation/scoping safeguards before use. In an agent setting, exposing destructive storage actions without clear caution increases the chance of accidental mass deletion from a bucket or prefix, especially because prefix-based deletion can affect many objects at once.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal