Alicloud Backup Hbr
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate Alibaba Cloud Backup helper, but it can use Alibaba Cloud credentials to make backup configuration changes, so mutations should be reviewed carefully.
Before using this skill, configure least-privilege Alibaba Cloud credentials for only the needed HBR operations, confirm region and resource IDs before any change, and review local output files because they may contain cloud resource details.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make real changes to Alibaba Cloud Backup configuration if given a mutation task.
The skill explicitly directs the agent toward mutating Alibaba Cloud HBR APIs. This matches the backup-management purpose, but mistakes could change live backup policies or resources.
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Use only for intended HBR tasks, confirm the exact region/resource/action before mutations, and review results with describe/list APIs.
The agent can act with whatever permissions those Alibaba Cloud credentials have.
The skill may use Alibaba Cloud credentials from the environment or local shared credential file. This is expected for Alibaba Cloud management, but it delegates cloud account authority to the agent.
Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`
Provide least-privilege credentials limited to the needed Cloud Backup/HBR actions and region, and avoid using broad administrator keys.
Local output files may reveal information about cloud backup resources and operations.
The skill stores local evidence and summaries that may include cloud resource identifiers or operational details. This is purpose-aligned but creates local artifacts users should protect.
Save artifacts, command outputs, and API response summaries under `output/alicloud-backup-hbr/`. Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Keep the output directory private, avoid saving secrets in evidence files, and delete artifacts when no longer needed.
