ClawHub
Back to skill
v1.0.3

Alicloud Data Lake Dlf

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:34 AM.

Analysis

This is a coherent Alibaba Cloud Data Lake management helper, but it can use Alibaba Cloud credentials and perform user-requested resource changes, so use least-privilege access.

GuidanceInstall only if you intend the agent to help manage Alibaba Cloud Data Lake Formation. Provide narrowly scoped Alibaba Cloud credentials, confirm all mutating actions before execution, and review saved output files for any cloud resource details before sharing them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.

The skill explicitly supports mutating DataLake resources through Alibaba Cloud APIs. That is coherent with its purpose, and the workflow includes confirming region, resource identifiers, and desired action, but incorrect mutations could affect cloud resources.

User impactA mistaken command or wrong resource identifier could create or change Data Lake Formation catalog or configuration resources.
RecommendationBefore any mutation, confirm the API name, region, resource IDs, intended change, and rollback plan; verify results with read-only Describe/List calls.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`

The skill expects Alibaba Cloud account credentials, including a local shared credentials file. This is purpose-aligned for managing Alibaba Cloud resources, and there is no artifact evidence of credential leakage, but the authority is sensitive.

User impactAny permissions attached to the provided Alibaba Cloud credentials could be used for Data Lake Formation operations.
RecommendationUse a least-privilege RAM user or role limited to the needed DataLake actions and region, avoid broad account keys, and rotate credentials if they may have been exposed.