Alicloud Ai Pai Aiworkspace
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Alibaba Cloud AIWorkspace helper, but using it can let the agent use your Alibaba Cloud credentials to change AIWorkspace resources and save response summaries locally.
This skill appears purpose-aligned and does not show hidden code, exfiltration, or persistence. Before using it, configure least-privilege Alibaba Cloud credentials, specify the intended region and resource IDs, confirm any create/update/modify/set action, and review locally saved output files before sharing or retaining them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with broad credentials, the agent could access or change AIWorkspace resources allowed by that Alibaba Cloud account.
The skill may use Alibaba Cloud account credentials or a local shared credential file. This is expected for AIWorkspace management, but it grants delegated cloud-account authority and is not reflected in the registry credential declarations.
Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`
Use least-privilege Alibaba Cloud credentials scoped to the required AIWorkspace actions, set the intended region explicitly, and avoid using broad administrator keys.
The agent could create or modify AIWorkspace configuration or related resources within the permissions of the supplied credentials.
The skill is designed to issue Alibaba Cloud API calls, including mutating operations. This matches the stated purpose, but cloud API mutations can have operational impact if the wrong resource, region, or action is chosen.
Call API with SDK or OpenAPI Explorer ... Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Require explicit user confirmation for mutating API calls, verify resource IDs and region before execution, and check results with describe/list APIs as the skill suggests.
Local output files may reveal resource IDs, regions, time ranges, or summarized API responses to anyone with access to the workspace files.
The skill intentionally persists API response summaries and resource-identifying parameters to local output files. This is useful for auditability, but those files may contain cloud environment metadata.
Save artifacts, command outputs, and API response summaries under `output/alicloud-ai-pai-aiworkspace/`. Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Do not save secrets in output artifacts, review generated files before sharing them, and delete or protect the output directory if it contains sensitive cloud metadata.
