Alicloud Backup Bdrc

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with powerful credentials, the agent could make real changes to cloud backup or disaster-recovery configuration.

Why it was flagged

The skill explicitly supports mutating Alibaba Cloud BDRC resources via OpenAPI. This is purpose-aligned and disclosed, but these operations can alter backup and disaster-recovery policies or resources.

Skill content

Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.

Recommendation

Use least-privilege Alibaba Cloud credentials, confirm the exact region and resource IDs, and review proposed mutating API calls before execution.

What this means

Over-scoped credentials could allow unintended access or changes across Alibaba Cloud resources.

Why it was flagged

The skill will use Alibaba Cloud AccessKeys or a local shared credential profile. This is expected for the stated cloud-management purpose, but it gives the agent whatever Alibaba Cloud authority those credentials have.

Skill content

Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`

Recommendation

Provide a dedicated, least-privilege credential limited to the needed BDRC actions and verify the active account and region before use.

What this means

Local output files may reveal operational details about backup or disaster-recovery resources to anyone who can access the workspace.

Why it was flagged

The skill persists local evidence files that may contain cloud resource identifiers, regions, time ranges, or API response summaries. This is disclosed and scoped to the output directory.

Skill content

Save artifacts, command outputs, and API response summaries under `output/alicloud-backup-bdrc/`. Include key parameters (region/resource id/time range) in evidence files

Recommendation

Review generated files before sharing them and avoid saving secrets or unnecessary sensitive details in the output directory.