Alicloud Backup Hbr

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may make real changes to Alibaba Cloud Backup configuration if given a mutation task.

Why it was flagged

The skill explicitly directs the agent toward mutating Alibaba Cloud HBR APIs. This matches the backup-management purpose, but mistakes could change live backup policies or resources.

Skill content

Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.

Recommendation

Use only for intended HBR tasks, confirm the exact region/resource/action before mutations, and review results with describe/list APIs.

What this means

The agent can act with whatever permissions those Alibaba Cloud credentials have.

Why it was flagged

The skill may use Alibaba Cloud credentials from the environment or local shared credential file. This is expected for Alibaba Cloud management, but it delegates cloud account authority to the agent.

Skill content

Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`

Recommendation

Provide least-privilege credentials limited to the needed Cloud Backup/HBR actions and region, and avoid using broad administrator keys.

What this means

Local output files may reveal information about cloud backup resources and operations.

Why it was flagged

The skill stores local evidence and summaries that may include cloud resource identifiers or operational details. This is purpose-aligned but creates local artifacts users should protect.

Skill content

Save artifacts, command outputs, and API response summaries under `output/alicloud-backup-hbr/`. Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Recommendation

Keep the output directory private, avoid saving secrets in evidence files, and delete artifacts when no longer needed.