Alicloud Ai Recommend Airec

v1.0.3

Manage Alibaba Cloud AIRec (Airec) via OpenAPI/SDK. Use whenever the user needs recommendation-engine resource operations in Alibaba Cloud, including list/cr...

⭐ 0· 1.2k·2 current·2 all-time

by@cinience

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The description says the skill manages AIRec resources (list/create/update/troubleshoot), and the SKILL.md instructs use of Alibaba Cloud SDKs and credentials. However, the bundle contains only an OpenAPI metadata-listing script (which fetches public API docs) and the registry metadata lists no required environment variables or primary credential. Either the skill is incomplete (instruction-only relying on external SDKs) or the declared requirements are missing — this mismatch is incoherent.

ℹ

Instruction Scope

SKILL.md gives concrete runtime instructions: prefer environment variables ALICLOUD_ACCESS_KEY_ID/SECRET/REGION, or shared config at ~/.alibabacloud/credentials; run the provided script to fetch API metadata; and save evidence under output/alicloud-ai-recommend-airec including key parameters (region/resource id/time range). Those instructions stay within AIRec management scope, but asking the agent to record key parameters (resource ids, times, region) could capture sensitive identifiers and the guidance to pick a region when unset gives the agent decision latitude — both warrant explicit user review.

✓

Install Mechanism

No install spec; the skill is instruction-only plus a small Python script that performs public HTTPS GETs and writes files under the skill output directory. No remote downloads or extract/install steps are present.

Credentials

The SKILL.md expects ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET (and optionally ALICLOUD_REGION_ID) and references ~/.alibabacloud/credentials, which are reasonable for a management skill — but the registry metadata lists no required env or primary credential, and the included script does not use credentials (it calls public metadata endpoints). The mismatch between declared manifest and runtime instructions is disproportionate and unclear.

✓

Persistence & Privilege

The skill is not always: true and does not request system-wide persistence. It writes artifacts only under its own output directory per SKILL.md; no privileged flags or modifications to other skills are present.

What to consider before installing

This skill's description and SKILL.md indicate it needs Alibaba Cloud credentials to perform management operations, but the package manifest doesn't declare those requirements and the only included code is a harmless public API-metadata fetcher. Before installing: (1) Ask the publisher why required env vars are not declared in the registry and whether any mutating operations will be performed automatically. (2) If you plan to run it, use least-privilege Alibaba Cloud credentials (create a role/key with only the narrow AIRec permissions you need). (3) Inspect any further code or prompts that would perform Create/Update calls before providing real credentials. (4) Be aware the skill instructs saving 'key parameters' (region/resource ids) to output files — treat those outputs as potentially sensitive. If the publisher supplies clear code that performs the claimed management operations and updates the manifest to declare the credentials, this would reduce concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk9702bs7s6r51yh9k8pr3y9wnd82qkns

1.2kdownloads

0stars

4versions

Updated 23h ago

v1.0.3

MIT-0

Category: service

AIRec

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for AIRec.

Workflow

Confirm region, resource identifiers, and desired action.
Discover API list and required parameters (see references).
Call API with SDK or OpenAPI Explorer.
Verify results with describe/list APIs.

AccessKey priority (must follow)

Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
Shared config file: ~/.alibabacloud/credentials

API discovery

Product code: Airec
Default API version: 2020-11-26
Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

Inventory/list: prefer List* / Describe* APIs to get current resources.
Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-ai-recommend-airec/

Validation

mkdir -p output/alicloud-ai-recommend-airec
for f in skills/ai/recommendation/alicloud-ai-recommend-airec/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-ai-recommend-airec/validate.txt

Pass criteria: command exits 0 and output/alicloud-ai-recommend-airec/validate.txt is generated.

Output And Evidence

Save artifacts, command outputs, and API response summaries under output/alicloud-ai-recommend-airec/.
Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

Configure least-privilege Alibaba Cloud credentials before execution.
Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
If region is unclear, ask the user before running mutating operations.

References

Sources: references/sources.md

Comments

Loading comments...