Security audit

Baidu Cloud BOS

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Baidu BOS integration, but it needs review because it stores cloud keys locally and includes high-impact delete/sync operations without strong safeguards.

Install only if you want an agent to manage Baidu BOS resources. Use a dedicated least-privilege or temporary credential, avoid pasting broad account keys into shell commands, verify exact bucket and path targets before delete or sync actions, and remove or rotate the saved credentials when the skill is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation includes destructive operations such as recursive delete and sync with --delete, but it does not require explicit user confirmation, dry-run, or path/bucket verification before execution. In a cloud storage skill, this can directly cause large-scale irreversible data loss if the agent misinterprets user intent or parameters.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill asks users to provide long-lived cloud credentials and states they will be persisted, but it does not clearly warn about the sensitivity of these secrets, recommend least-privilege or temporary credentials, or describe rotation/revocation practices. This increases the risk of credential exposure and overbroad access if the agent logs, mishandles, or stores them insecurely.

Missing User Warnings

Medium
Confidence: 93%
Finding
The reference documents destructive commands such as recursive delete with --yes and sync with --delete without any safety guidance, confirmation expectations, or scope warnings. In an agent-skill context, this increases the risk of accidental mass deletion of cloud data because users or downstream automation may copy commands without appreciating that they are irreversible or can remove extra objects.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document instructs users to supply long-lived access keys and secret keys but does not warn that these credentials are highly sensitive and must not be logged, embedded, or shared. In an agent setting, omission of credential-handling guidance can lead to exposure through transcripts, shell history, config files, or generated examples.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script exposes a direct delete operation against cloud object storage with no confirmation prompt, dry-run mode, force flag, or other guardrail. In an agent/automation context, a mistaken parameter, prompt injection, or misuse can immediately destroy remote data, making this a real safety and security issue even if the code is not overtly malicious.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script stores long-lived cloud credentials in plaintext under the user's home directory and exports them into the current shell session, but does not clearly warn the user that highly sensitive secrets are being persisted locally. Even with chmod 600, any process running as that user, backup tooling, shell history mistakes, or later misconfiguration can expose the keys and enable unauthorized BOS access.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.