70High
The skill exposes direct Azure CLI
Behavior Analysis
Mismatch detected — The skill's stated purpose claims to cover Blob Storage, File Shares, Queue Storage, Table Storage, and Data Lake, but its executable commands (both MCP and CLI) are exclusively for Blob Storage operations.
Claims to do
Azure Storage Services: | Service | Use When | MCP Tools | CLI | |---------|----------|-----------|-----| | Blob Storage | Objects, files, backups, static content | `azure__storage` | `az storage blob` | | File Shares | SMB file shares, lift-and-shift | - | `az storage file` | | Queue Storage | Async messaging, task queues | - | `az storage queue` | | Table Storage | NoSQL key-value (consider Cosmos DB) | - | `az storage table` | | Data Lake | Big data analytics, hierarchical namespace | - | `az storage fs` |
Actually does
The skill utilizes the `azure__storage` MCP tool and `az` CLI to list Azure storage accounts, containers, and blobs, and to upload and download blob content. It also provides informational text and documentation links for various Azure Storage services.
Skill Info
Namemicrosoft/azure-skills/azure-storage
Registrygithub
Version3d8788273dee
PURLpkg:github/microsoft/azure-skills@3d8788273dee?skill=azure-storage
Stars633
Installs174,500
Source
SHA-256f52a61e789f3...
SHA-1929db0f69de0...
MD5d1b6ef2b5b30...
TLSHf3a1554d1e52...
ssdeep96:ilCDD9zHM...
Size4,718 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (2)
AI Agent Traps ↗Direct Azure CLI command execution via fallbackhighcommand execution
The skill provides direct `bash` commands for Azure CLI (`az storage`) operations, including listing, downloading, and uploading blobs. If an agent executes these commands without strict input validation or sandboxing, it could lead to arbitrary command execution, data exfiltration (downloading sensitive files), or data injection (uploading malicious content) on the host system or within the Azure environment.
90% confidenceline 49
```bash az storage account list --output table ... az storage blob download --account-name ACCOUNT --container-name CONTAINER --name BLOB --file LOCAL_PATH az storage blob upload --account-name ACCOUNT --container-name CONTAINER --name BLOB --file LOCAL_PATH ```
Description Mismatchmediumdescription mismatch
The skill's stated purpose claims to cover Blob Storage, File Shares, Queue Storage, Table Storage, and Data Lake, but its executable commands (both MCP and CLI) are exclusively for Blob Storage operations.
85% confidence
The 'Services' table lists all five storage types, but the 'MCP Server' and 'CLI Fallback' sections only provide commands for `storage_account`, `storage_container`, and `storage_blob` operations, with no commands for File Shares, Queues, Tables, or Data Lake.
Dependencies (1)
azure.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-storage)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/microsoft/azure-skills/azure-storage"><img src="https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-storage.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/microsoft/azure-skills/azure-storage.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow