Alicloud Data Lake Dlf Next
v1.0.3
Manage Alibaba Cloud Data Lake Formation (DlfNext) via OpenAPI/SDK. Use whenever the user needs DLF Next catalog/governance resource operations, including li...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description and included script match the stated purpose (discovering DlfNext OpenAPI metadata and guiding SDK/API calls). However, the registry metadata claims no required environment variables or primary credential while SKILL.md explicitly requires ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optionally ALICLOUD_REGION_ID (and a shared config file path). That mismatch (undeclared credential requirements) is inconsistent.
Instruction Scope
SKILL.md instructs the agent to use environment credentials or read ~/.alibabacloud/credentials, to call SDK/OpenAPI (including mutating Create/Update APIs), and to save evidence under output/. The included script only fetches public OpenAPI metadata, but the prose expects access to credentials and to perform API calls. Reading the shared credentials file and writing evidence that may include key parameters are actions beyond simple metadata discovery and should have been declared explicitly.
Install Mechanism
No install spec is provided (instruction-only) and the only code is a small Python script that fetches JSON from api.aliyun.com. There are no remote downloads at install time, no package installs, and nothing written to disk by an installer—this is low install risk.
Credentials
Requesting Alibaba Cloud access keys is proportionate to a cloud-management skill. The problem is that the skill metadata does not declare these required environment variables or a primary credential, so the skill may attempt to access secrets that were not advertised. It also instructs reading a shared credentials file (~/.alibabacloud/credentials), which could expose multiple profiles/keys if present.
Persistence & Privilege
The skill is not set to always:true and does not request persistent platform-wide privileges. It does write outputs to a local output/ directory as instructed but does not attempt to modify other skills or global agent configuration.
What to consider before installing
This skill generally matches its stated function (discovering and calling Alibaba Cloud DlfNext APIs), but there is a clear metadata/instruction mismatch: SKILL.md expects ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and may read ~/.alibabacloud/credentials, yet the skill registry shows no required credentials. Before installing or enabling this skill:
- Confirm whether you or the publisher intended the skill to have access to Alibaba Cloud credentials. If so, require that the skill metadata declare the env vars and primary credential.
- Only provide least-privilege Alibaba Cloud keys (policy limiting to read-only or to specific DLF resources) and prefer running the included script locally first to inspect behavior.
- Audit the skill output directory contents after a run to ensure no secrets were written. The included Python script fetches public metadata from api.aliyun.com (expected), but any later SDK/API usage could access or modify cloud resources—require explicit user confirmation before any mutating operations.
If you cannot verify these points with the skill publisher, treat it as untrusted for automated/autonomous invocation until the credential declarations and intended scope are clarified.
latest
Category: service
Data Lake Formation (Next)
Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Data Lake Formation.
Workflow
- Confirm region, resource identifiers, and desired action.
- Discover API list and required parameters (see references).
- Call API with SDK or OpenAPI Explorer.
- Verify results with describe/list APIs.
AccessKey priority (must follow)
- Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID
  Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
- Shared config file: ~/.alibabacloud/credentials
API discovery
- Product code: DlfNext
- Default API version: 2025-03-10
- Use OpenAPI metadata endpoints to list APIs and get schemas (see references).
High-frequency operation patterns
- Inventory/list: prefer List* / Describe* APIs to get current resources.
- Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
- Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.
Minimal executable quickstart
Use metadata-first discovery before calling business APIs:
python scripts/list_openapi_meta_apis.py
Optional overrides:
python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>
The script writes API inventory artifacts under the skill output directory.
Output policy
If you need to save responses or generated artifacts, write them under:
output/alicloud-data-lake-dlf-next/
Validation
mkdir -p output/alicloud-data-lake-dlf-next
for f in skills/data-lake/alicloud-data-lake-dlf-next/scripts/*.py; do
python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-data-lake-dlf-next/validate.txt
Pass criteria: command exits 0 and output/alicloud-data-lake-dlf-next/validate.txt is generated.
Output And Evidence
- Save artifacts, command outputs, and API response summaries under output/alicloud-data-lake-dlf-next/.
- Include key parameters (region/resource id/time range) in evidence files for reproducibility.
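A post-run check for the evidence directory, added here as an example (not part of the skill or its scripts): it searches output/alicloud-data-lake-dlf-next/ for the literal AccessKey values taken from the environment and from the shared credentials file. The INI layout of that file and the "access_key" option names are assumptions.

```python
import configparser
import os
from pathlib import Path

SECRET_ENV_VARS = ("ALICLOUD_ACCESS_KEY_ID", "ALICLOUD_ACCESS_KEY_SECRET")
OUTPUT_DIR = Path("output/alicloud-data-lake-dlf-next")
MIN_LEN = 8  # skip very short values that would match by accident


def load_secret_values(environ=os.environ, credentials_file=None):
    """Collect every credential string that must not appear in evidence files."""
    secrets = {}
    for name in SECRET_ENV_VARS:
        value = environ.get(name, "").strip()
        if len(value) >= MIN_LEN:
            secrets[name] = value
    if credentials_file is not None:
        # Assumption: INI layout, one [profile] section per key pair, with
        # option names containing "access_key" (e.g. access_key_secret).
        ini = configparser.ConfigParser(interpolation=None)
        ini.read(credentials_file)  # a missing file is silently skipped
        for profile in ini.sections():
            for option, value in ini.items(profile):
                if "access_key" in option and len(value.strip()) >= MIN_LEN:
                    secrets[f"{profile}.{option}"] = value.strip()
    return secrets


def find_leaks(output_dir, secrets):
    """Return (relative_path, secret_name) for each literal occurrence."""
    root = Path(output_dir)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        for name, value in secrets.items():
            if value.encode() in data:
                hits.append((str(path.relative_to(root)), name))
    return hits


if __name__ == "__main__":
    shared = Path.home() / ".alibabacloud" / "credentials"
    leaks = find_leaks(OUTPUT_DIR, load_secret_values(credentials_file=shared))
    for rel_path, name in leaks:
        print(f"LEAK: {name} found in {rel_path}")  # name only, never the value
    raise SystemExit(1 if leaks else 0)
```

Only literal matches are detected; an encoded or truncated copy of a key would not be flagged.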
Prerequisites
- Configure least-privilege Alibaba Cloud credentials before execution.
- Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
- If region is unclear, ask the user before running mutating operations.
References
- Sources: references/sources.md
