Alicloud Observability Sls Log Query

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill is a coherent Alibaba Cloud log-query helper; it uses cloud credentials and can expose sensitive log contents, but the artifacts do not show hidden exfiltration, persistence, or destructive behavior.

Before installing, confirm you are comfortable providing Alibaba Cloud SLS read credentials, preferably a least-privilege key. Run it in a virtual environment, verify the SDK package/version if your environment requires strict supply-chain controls, and keep query time ranges and limits narrow because log output may contain sensitive data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the Alibaba Cloud permissions attached to the provided access key to read configured SLS logs.

Why it was flagged

The skill requires Alibaba Cloud credentials and SLS configuration to query logs. This is expected for the stated purpose, but users should notice that the registry metadata lists no required env vars or primary credential.

Skill content

`ALIBABA_CLOUD_ACCESS_KEY_ID`; `ALIBABA_CLOUD_ACCESS_KEY_SECRET`; `SLS_ENDPOINT`; `SLS_PROJECT`; `SLS_LOGSTORE`

Recommendation

Use a least-privilege Alibaba Cloud key limited to the intended SLS project/logstores and time-bounded read/query actions.

What this means

Installing the SDK will download code from the Python package ecosystem into the user's environment.

Why it was flagged

The setup instructions install an external Python package without a pinned version. This is directly related to the SLS SDK purpose, but it leaves normal package provenance/version review to the user.

Skill content

`python -m pip install -U aliyun-log-python-sdk`

Recommendation

Install in a virtual environment as suggested, and consider pinning or verifying the SDK version before use.

What this means

Sensitive log fields, identifiers, error messages, or user data may appear in terminal output or saved evidence files.

Why it was flagged

The script prints retrieved log rows directly. This is core to a log-query tool, but log contents may include sensitive or untrusted application data that can be copied into agent context or saved by the user.

Skill content

    for row in all_rows:
        print(json.dumps(row, ensure_ascii=False))

Recommendation

Limit queries by time, logstore, and fields; avoid sharing raw outputs; redact secrets or personal data before storing or pasting results elsewhere.