alioss-upload
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/upload-clipboard.sh` utilizes `eval` on untrusted data sourced from the system clipboard.
  - Specifically, the line `EXPANDED=$(eval echo "$line" 2>/dev/null)` executes content directly from the clipboard to perform shell expansion, posing a high risk of arbitrary command injection.
  - The final upload command in the same script is also executed using `eval $CMD`, where `$CMD` includes variables derived from external input.
- [REMOTE_CODE_EXECUTION]: The main Python script `scripts/upload.py` performs a dynamic installation of the `alibabacloud-oss-v2` package using `subprocess.check_call` if the library is not found at runtime. While the package belongs to a well-known service, the pattern of runtime package installation is a security concern.
- [DATA_EXFILTRATION]: The skill requires and handles high-privilege Alibaba Cloud credentials (`OSS_ACCESS_KEY_ID` and `OSS_ACCESS_KEY_SECRET`). While these are necessary for the skill's functionality, they represent sensitive data that could be targeted for exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill features multiple ingestion points for untrusted data, including the system clipboard, stdin, and interactive user prompts.
  - Ingestion points: `scripts/upload-clipboard.sh` (clipboard via `osascript` and `pbpaste`), `scripts/upload.py` (`get_paths_from_input` function via stdin/input).
  - Boundary markers: None identified for file path parsing.
  - Capability inventory: Subprocess calls in `upload.py`, `eval` and file existence checks in `upload-clipboard.sh`, and network operations via the Alibaba Cloud SDK.
  - Sanitization: The Python script attempts to sanitize filenames with MD5 hashing, but the shell script lacks robust sanitization for the paths it processes.
Recommendations
- AI detected serious security threats