ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alicloud Ai Contactcenter Ai

v1.0.3

Manage Alibaba Cloud Contact Center AI (ContactCenterAI) via OpenAPI/SDK. Use whenever the task involves Contact Center AI resource lifecycle operations, con...

0· 1.1k·2 current·2 all-time
by@cinience
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included materials: SKILL.md and a small helper script that discovers Alibaba Cloud OpenAPI metadata for ContactCenterAI. However, the skill's metadata does not declare the cloud credentials or primaryEnv that the SKILL.md explicitly prioritizes, which is inconsistent (likely an oversight but relevant to authorization expectations).
Instruction Scope
Runtime instructions are confined to Alibaba Cloud API discovery and use of SDK/OpenAPI Explorer and to writing outputs under the skill's output directory. The SKILL.md asks the agent to use environment credentials or ~/.alibabacloud/credentials and to verify/list APIs before mutating resources, which is appropriate for this purpose. It does permit mutating operations (Create/Update/etc.), which is expected for a cloud management skill but requires user consent and least-privilege credentials.
Install Mechanism
No install spec; instruction-only with a small Python script. The script uses urllib to fetch metadata from api.aliyun.com and writes files under output/, which is low-risk and transparent.
!
Credentials
SKILL.md requires Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional ALICLOUD_REGION_ID) and references ~/.alibabacloud/credentials, but the registry 'requires.env' and 'primary credential' fields are empty. That mismatch means the platform won't flag or gate credential requirements automatically—reviewers/users should treat the skill as needing cloud credentials and supply least-privilege keys before allowing mutating operations.
Persistence & Privilege
The skill is not always-enabled and does not request persistent presence or special privileges. It does not modify other skills or system-wide settings; outputs are limited to the skill's own output directory.
What to consider before installing
This skill appears to do what it says: discover and call Alibaba Cloud ContactCenterAI OpenAPIs. However, SKILL.md expects you to supply Alibaba Cloud AccessKey credentials or a shared credentials file, but the skill metadata does not declare those requirements—likely an authoring oversight. Before installing or invoking the skill: 1) Treat it as requiring ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET and provide only least-privilege keys that are allowed to manage ContactCenterAI resources. 2) Review the included script (scripts/list_openapi_meta_apis.py) and any runtime commands to confirm they only call api.aliyun.com and write to the stated output path. 3) Be cautious with autonomous invocation or granting it the ability to perform mutating APIs; prefer manual approval for Create/Update/Delete actions. If the publisher can update the registry metadata to declare the required environment variables and primary credential, that will resolve the main inconsistency and reduce this concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk97drng4heh0sg1d0kjsf0g3mh82pt3y
1.1kdownloads
0stars
4versions
Updated 22h ago
v1.0.3
MIT-0
@cinience
latest
Download

Category: service

Contact Center AI

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Contact Center AI.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials

API discovery

  • Product code: ContactCenterAI
  • Default API version: 2024-06-03
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-ai-contactcenter-ai/

Validation

mkdir -p output/alicloud-ai-contactcenter-ai
for f in skills/ai/service/alicloud-ai-contactcenter-ai/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-ai-contactcenter-ai/validate.txt

Pass criteria: command exits 0 and output/alicloud-ai-contactcenter-ai/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/alicloud-ai-contactcenter-ai/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md

Comments

Loading comments...