Alicloud Ai Chatbot

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Alibaba Cloud Chatbot management skill, with the risks expected of such a skill: it uses cloud credentials, makes user-directed configuration changes, and saves local output files.

Install only if you intend to let the agent manage Alibaba Cloud Chatbot resources. Use a least-privilege AccessKey, confirm the account, region, resource IDs, and proposed changes before mutations, and review or clean up generated output files that may contain cloud configuration details.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the credentials it is given are broader than the Chatbot actions it needs, the agent can query or change any Alibaba Cloud resource those credentials authorize within that account, not just Chatbot resources.

Why it was flagged

The skill explicitly uses Alibaba Cloud account credentials, including a local shared credentials file. This is expected for managing Alibaba Cloud resources, but it gives the agent delegated cloud-account authority.

Skill content
Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`
Recommendation

Use a least-privilege Alibaba Cloud AccessKey limited to the needed Chatbot actions and confirm the intended account and region before use.

What this means

Incorrect parameters or an unintended region/resource could change chatbot configuration.

Why it was flagged

The skill authorizes mutating Alibaba Cloud API calls. This matches its management purpose, but these operations can alter cloud resources.

Skill content
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Recommendation

Review the exact API, region, resource identifier, and proposed change before allowing mutating operations; prefer list/describe checks first.
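The describe-first, confirm-then-mutate discipline recommended above can be enforced in code rather than left to the operator's attention. The gate below is an added example written for this review, not code from the skill: it treats only Describe*/List*/Get*/Query* actions as read-only (so an unfamiliar action fails closed as mutating), pins every call to one approved account and region, and refuses a mutation until a read-only call has been run against the target resource and the caller has explicitly approved the change. The action names `DescribeInstance` and `UpdateInstance` and the IDs are illustrative placeholders, not real Chatbot API names; the account ID is assumed to have been looked up out of band (for instance via an STS caller-identity call) before the gate is constructed.

```python
from dataclasses import dataclass, field

# Read-only prefixes are the allowlist; anything else, including the
# Create*/Update*/Modify*/Set* prefixes the skill names for mutations,
# is treated as mutating so that an unfamiliar action fails closed.
READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Query")


def classify_action(action: str) -> str:
    """Return 'read-only' for describe-style actions, otherwise 'mutating'."""
    return "read-only" if action.startswith(READ_ONLY_PREFIXES) else "mutating"


@dataclass(frozen=True)
class Scope:
    """What the operator agreed to: one account, one region, named resources."""
    account_id: str
    region_id: str
    resource_ids: frozenset


@dataclass
class MutationGate:
    scope: Scope
    # Resource IDs that a read-only call has already been run against.
    described: set = field(default_factory=set)

    def check(self, action, account_id, region_id, resource_id=None, approved=False):
        """Decide whether a call may proceed. Returns (allowed, reason)."""
        if account_id != self.scope.account_id:
            return False, f"account {account_id} is not the approved account {self.scope.account_id}"
        if region_id != self.scope.region_id:
            return False, f"region {region_id} is outside the approved region {self.scope.region_id}"
        if classify_action(action) == "read-only":
            if resource_id is not None:
                self.described.add(resource_id)
            return True, "read-only call"
        # Mutating path: scoped resource, describe-first, then explicit approval.
        if resource_id is None or resource_id not in self.scope.resource_ids:
            return False, f"{action} targets {resource_id!r}, which is not in the approved resource set"
        if resource_id not in self.described:
            return False, f"{action} on {resource_id} refused: run a Describe/List call on it first"
        if not approved:
            return False, f"{action} on {resource_id} in {region_id} needs explicit approval of the proposed change"
        return True, f"{action} on {resource_id} approved"


if __name__ == "__main__":
    # Illustrative IDs and action names; not real Chatbot API names.
    gate = MutationGate(Scope("1234567890123456", "cn-hangzhou", frozenset({"bot-a"})))
    for call in (
        ("UpdateInstance", "1234567890123456", "cn-hangzhou", "bot-a", True),
        ("DescribeInstance", "1234567890123456", "cn-hangzhou", "bot-a", False),
        ("UpdateInstance", "1234567890123456", "cn-hangzhou", "bot-a", False),
        ("UpdateInstance", "1234567890123456", "cn-hangzhou", "bot-a", True),
        ("DescribeInstance", "1234567890123456", "cn-shanghai", "bot-a", False),
    ):
        print(call[0], call[2], call[3], "->", gate.check(*call))
```

The gate is deliberately stateful: a mutation is only reachable after a read-only call on the same resource, which is what "prefer list/describe checks first" means in practice. Wire the `approved` flag to a human confirmation of the exact API, region, resource identifier, and diff, not to a blanket setting.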

What this means

Users have less external provenance information for verifying the package origin.

Why it was flagged

The registry does not provide a source repository or homepage. The included code is visible and static scan is clean, so this is a provenance note rather than a behavior concern.

Skill content
Source: unknown
Homepage: none
Recommendation

Inspect the included files before installation and prefer verified publishers or source links for production cloud-management skills.

What this means

Running the quickstart will contact api.aliyun.com and create files under the selected output directory.

Why it was flagged

The helper script performs a disclosed network fetch from Alibaba Cloud OpenAPI metadata and writes local output files. This is expected for API discovery and is user-directed.

Skill content
with urllib.request.urlopen(req, timeout=timeout) as resp:
    return json.loads(resp.read().decode("utf-8"))
Recommendation

Run the script only when metadata discovery is needed and avoid untrusted override values for output paths or product/version arguments.
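"Avoid untrusted override values" is easier to apply when the script validates them itself. The example below is added for this review and is not the skill's helper script: it allowlists the shape of the product and version arguments (Alibaba Cloud OpenAPI versions are dates such as 2022-04-08), URL-quotes each path segment so an argument can never become an extra path or query component, and confines the output file to the chosen output directory by resolving the final path and checking it is still under the base. The metadata URL layout under api.aliyun.com is an assumption for illustration; check the real script for the exact endpoint. The product code `Chatbot` is used only as sample input.

```python
import re
from pathlib import Path
from urllib.parse import quote

# Shape of the two user-supplied arguments. Product codes are short
# alphanumeric names; OpenAPI versions are dates in YYYY-MM-DD form.
PRODUCT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{0,63}$")
VERSION_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")

# Assumed endpoint layout for illustration only; the real script's URL may differ.
META_BASE = "https://api.aliyun.com/meta/v1/products"


def validate_product(product: str) -> str:
    if not PRODUCT_RE.fullmatch(product):
        raise ValueError(f"rejecting product argument {product!r}")
    return product


def validate_version(version: str) -> str:
    if not VERSION_RE.fullmatch(version):
        raise ValueError(f"rejecting version argument {version!r}")
    return version


def build_metadata_url(product: str, version: str) -> str:
    # Quote each segment even after validation so a later loosening of the
    # regexes cannot turn an argument into extra path or query components.
    p = quote(validate_product(product), safe="")
    v = quote(validate_version(version), safe="")
    return f"{META_BASE}/{p}/versions/{v}/api-docs.json"


def safe_output_path(base_dir, product, version, filename="api-docs.json") -> Path:
    """Resolve the output file and refuse anything that escapes base_dir."""
    base = Path(base_dir).resolve()
    target = (base / validate_product(product) / validate_version(version) / filename).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"output path {target} escapes {base}") from None
    return target


def write_metadata(base_dir, product, version, payload: bytes) -> Path:
    """Write fetched metadata under the confined path; the fetch itself is left to the caller."""
    target = safe_output_path(base_dir, product, version)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(payload)
    return target


if __name__ == "__main__":
    print(build_metadata_url("Chatbot", "2022-04-08"))
    print(safe_output_path("output/alicloud-ai-chatbot", "Chatbot", "2022-04-08"))
    for bad in ("../Ecs", "Chatbot?x=1", "2022/04/08"):
        try:
            validate_product(bad)
        except ValueError as exc:
            print(exc)
```

The path check is defense in depth: the regexes already exclude `/` and `..`, but the explicit `relative_to` test also protects the `filename` argument and any future code path that builds the target from other inputs.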

What this means

Local output files may retain cloud resource details after the task is complete.

Why it was flagged

The skill stores API response summaries and evidence files locally. This is disclosed and useful for reproducibility, but such files may contain resource names, IDs, or configuration details.

Skill content
Save artifacts, command outputs, and API response summaries under `output/alicloud-ai-chatbot/`.
Recommendation

Review generated files before sharing them and delete outputs that contain sensitive resource information when no longer needed.
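Reviewing generated files by eye misses credentials pasted into a summary. The scrubber below is an added example for this review, not part of the skill: it rewrites a text artifact in place of sharing the raw one, masking AccessKey IDs (which carry the `LTAI` prefix), 16-digit account IDs, and AccessKey secrets stored as key/value pairs, and it also masks whatever resource IDs the caller says the task touched, since those are too varied to pattern-match. The sample artifact, the `DescribeInstance` line, and every ID in it are constructed for the example; the patterns are assumptions that may need tuning for other ID formats in real output.

```python
import re

# Alibaba Cloud AccessKey IDs begin with "LTAI"; account IDs are 16 digits.
# Both patterns are assumptions made here for illustration.
ACCESS_KEY_ID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,}\b")
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{16}(?!\d)")
# A secret stored as a key/value pair in JSON, env-file, or INI-style output.
SECRET_RE = re.compile(
    r'((?:AccessKeySecret|ALICLOUD_ACCESS_KEY_SECRET|access_key_secret)"?\s*[:=]\s*"?)([^\s",]+)',
    re.IGNORECASE,
)

# Constructed sample of a file the skill might leave under output/alicloud-ai-chatbot/.
SAMPLE_OUTPUT = """\
account: 1234567890123456
region: cn-hangzhou
ALICLOUD_ACCESS_KEY_ID=LTAI5tExampleKeyId0001
ALICLOUD_ACCESS_KEY_SECRET=ExampleSecretValueNotReal
DescribeInstance -> {"InstanceId": "chatbot-demo-01", "Status": "running"}
"""


def redact(text: str, known_resource_ids=()):
    """Return (redacted_text, findings); findings is a list of (kind, original_value)."""
    findings = []

    def marker(kind, keep_prefix=False):
        def _sub(m):
            if keep_prefix:  # keep the key name, mask only the value
                findings.append((kind, m.group(2)))
                return m.group(1) + f"<{kind}>"
            findings.append((kind, m.group(0)))
            return f"<{kind}>"
        return _sub

    text = SECRET_RE.sub(marker("access-key-secret", keep_prefix=True), text)
    text = ACCESS_KEY_ID_RE.sub(marker("access-key-id"), text)
    text = ACCOUNT_ID_RE.sub(marker("account-id"), text)
    # Longest IDs first so a short ID that is a substring of a longer one
    # does not leave fragments behind.
    for rid in sorted(set(known_resource_ids), key=len, reverse=True):
        if rid and rid in text:
            findings.append(("resource-id", rid))
            text = text.replace(rid, "<resource-id>")
    return text, findings


def redact_file(path, known_resource_ids=()):
    """Write a .redacted sibling of path and return its findings for review."""
    with open(path, encoding="utf-8") as fh:
        clean, findings = redact(fh.read(), known_resource_ids)
    with open(f"{path}.redacted", "w", encoding="utf-8") as fh:
        fh.write(clean)
    return findings


if __name__ == "__main__":
    clean, found = redact(SAMPLE_OUTPUT, known_resource_ids=("chatbot-demo-01",))
    print(clean)
    for kind, value in found:
        print(f"masked {kind}: {value[:4]}...")
```

Run it over everything under `output/alicloud-ai-chatbot/` before sharing, and treat any `access-key-secret` finding as a leaked credential to rotate, not just a file to clean: the secret was already written to disk by the time the scrubber saw it.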