Skill v1.0.3

ClawScan security

Alicloud Data Analytics Dataanalysisgbi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 9:39 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it says (fetch OpenAPI metadata and help call Alibaba Cloud DataAnalysisGBI APIs), but its manifest omits the Alibaba Cloud credential/config declarations that the runtime instructions require — an incoherence you should resolve before trusting credentials to it.
Guidance
This skill appears to do what it advertises (discovering Alibaba Cloud DataAnalysisGBI OpenAPI metadata and guiding API/SDK calls). However, SKILL.md expects you to provide Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET) or use ~/.alibabacloud/credentials, but the skill's registry metadata did not declare these required env vars — that mismatch is concerning because you might not notice you are handing sensitive keys to this skill. Before installing or running: (1) verify the skill source/trustworthiness (author, registry page); (2) prefer creating a least-privilege Alibaba Cloud key scoped to only DataAnalysisGBI operations; (3) consider supplying credentials via a temporary or constrained mechanism rather than system-wide env vars; (4) inspect the script locally (it only fetches api.aliyun.com metadata) and run it manually in a safe environment if unsure; and (5) be aware the skill will write outputs under output/alicloud-data-analytics-dataanalysisgbi/ — ensure that directory is secure and does not get uploaded to external services. If the publisher can't explain why the manifest omits the credential declarations, treat the skill as untrusted until corrected.

Review Dimensions

Purpose & Capability
note
The skill's name, description, and included script match the stated purpose (discovering and listing DataAnalysisGBI OpenAPI metadata and guiding SDK/API calls). There are no unrelated binaries or third-party installs. However, the SKILL.md expects Alibaba Cloud credentials and shared config usage even though the registry metadata lists no required environment variables or config paths — this mismatch is unexpected.
Instruction Scope
ok
SKILL.md instructions are scoped to API discovery and making API calls (confirm region/ids, use List/Describe/Create/Update, verify with describe/list). It instructs writing artifacts to a skill-specific output directory. It does reference reading credentials from environment variables or the shared config file (~/.alibabacloud/credentials), which is appropriate for cloud API calls but extends beyond the manifest declarations (see purpose_capability). There are no instructions to exfiltrate data to unexpected endpoints; the included script only fetches api.aliyun.com metadata.
Install Mechanism
ok
This is instruction-only with a small helper script; there is no install spec, no downloads, and nothing written to system paths. The included Python script uses stdlib urllib to fetch metadata — low install risk.
Credentials
concern
The SKILL.md explicitly requires Alibaba Cloud AccessKey env vars (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID) and offers a shared config file as fallback. The skill manifest (registry metadata) however lists no required env vars or config paths. That under-declaration is a red flag because the runtime will ask for sensitive credentials but the manifest does not advertise them, making it harder for users to notice what secrets they must provide. The number and type of credentials requested are proportionate to the stated cloud-management purpose, but they must be declared upfront.
Persistence & Privilege
ok
always:false and user-invocable:true (defaults) — no forced permanent presence. The skill writes artifacts under its own output directory per SKILL.md; it does not request system-wide configuration changes or modify other skills.