Is skill/aleph-vm-replication safe?
https://clawhub.ai/skill/aleph-vm-replication
This skill enables legitimate but high-risk autonomous AI agent replication across Aleph Cloud infrastructure. While the functionality appears to be for genuine cloud automation purposes, the recursive self-deployment capabilities and credential propagation mechanisms create significant potential for misuse.
Category Scores
Findings (5)
MEDIUM Autonomous Agent Replication System -35 ▶
This skill enables AI agents to autonomously replicate themselves across Aleph Cloud infrastructure without human oversight. The documentation explicitly states agents can 'read this SKILL.md and create new instances — recursively', which could lead to uncontrolled proliferation.
MEDIUM Sensitive Credential Propagation -30 ▶
The skill includes detailed instructions for transferring private keys, SSH keys, and API credentials between instances. While legitimate for the intended purpose, this creates pathways for credential exposure across multiple systems.
MEDIUM Resource Consumption Attack Vector -20 ▶
Uncontrolled deployment could consume significant cloud resources and financial costs. While the skill includes cost warnings, a malicious actor could exploit this for resource-based attacks or to exhaust victim's cloud credits.
LOW Extensive System-Level Code Execution -25 ▶
The skill contains numerous shell scripts and Python code that perform system administration tasks, SSH operations, and cloud API interactions. While documented and apparently legitimate, this represents significant system access.
INFO Agent Behavior Modification Instructions -15 ▶
The skill teaches agents how to modify their own deployment and replication behavior. While not traditional prompt injection, it provides instructions for autonomous operational changes.