Alicloud Security Center Sas
v1.0.3Manage Alibaba Cloud Security Center (Sas) via OpenAPI/SDK. Use whenever the user needs Security Center resource operations, configuration updates, status qu...
⭐ 0· 1.1k·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included material: SKILL.md and the Python script focus on discovering Sas OpenAPI metadata and guiding SDK/API calls. Minor inconsistency: the registry metadata lists no required environment variables, but the SKILL.md explicitly instructs use of Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID/ALICLOUD_ACCESS_KEY_SECRET and optional ALICLOUD_REGION_ID) and ~/.alibabacloud/credentials — these are reasonable for the stated purpose but should be declared in the manifest.
Instruction Scope
Runtime instructions are scoped to API discovery, calling Alibaba Cloud APIs via SDK/OpenAPI Explorer, and saving artifacts under output/alicloud-security-center-sas/. The README warns to ask before mutating operations and to follow least-privilege credentials. It does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
No install spec — instruction-only with a small helper script. The included script only performs an HTTPS GET from the official api.aliyun.com metadata endpoints and writes files under the skill output directory; no archives or third-party downloads are performed.
Credentials
The SKILL.md sensibly requests Alibaba Cloud credentials and an optional region; those are proportionate to managing Sas resources. However, the package metadata did not declare any required env vars or a primary credential, which is an inconsistency the user should be aware of before granting credentials.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and does not request elevated platform persistence or modify other skills. It does not enable autonomous permanent presence beyond normal model invocation.
Assessment
This skill appears to be a straightforward helper for Alibaba Cloud Security Center: it fetches API metadata from api.aliyun.com and guides SDK/API calls. Before installing, note that SKILL.md expects you to provide Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET or a ~/.alibabacloud/credentials file) even though the registry metadata did not list them. Only provide least-privilege credentials needed for the operations you want, and avoid running mutating actions without confirming region/resource IDs. If you need absolute assurance, ask the maintainer to update the manifest to declare the expected environment variables and to provide a signed source/homepage.Like a lobster shell, security has layers — review code before you run it.
latestvk97d6cen5q379cnpk3dpwy48r982qbkr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.