Alicloud Data Lake Dlf Next
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong Alibaba Cloud key, account, or region is used, the agent could view or change resources within that credential's permissions.
The skill tells the agent to use Alibaba Cloud account credentials, including a local shared credential file. This is expected for DLF Next management, but it grants delegated cloud authority.
AccessKey priority ... `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`
Use a least-privilege Alibaba Cloud RAM user or role scoped to DLF Next, and confirm the intended account and region before use.
Approved mutation requests may create or alter data lake governance resources in Alibaba Cloud.
The skill explicitly supports mutating DLF Next resources through OpenAPI/SDK calls. That is aligned with its management purpose, but these actions can change cloud resources.
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Require explicit confirmation of the target region, resource identifiers, and intended change before any create, update, modify, or set API call.