Alicloud Security Cloudfw

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with broad permissions, the agent could create or modify cloud firewall policies and resources as part of a requested task.

Why it was flagged

The skill explicitly supports mutating Alibaba Cloud Firewall resources. This is expected for the stated purpose, but firewall changes can affect production access and security posture.

Skill content

Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.

Recommendation

Use least-privilege Alibaba Cloud permissions, review planned mutations before execution, and verify results with describe/list APIs as the skill recommends.

What this means

The agent may use configured Alibaba Cloud credentials to act in the associated cloud account.

Why it was flagged

The skill instructs use of Alibaba Cloud credentials, including a local shared credentials file. This is purpose-aligned for Cloud Firewall management, but it is sensitive account authority and the registry metadata lists no primary credential.

Skill content

Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`

Recommendation

Provide a dedicated least-privilege credential limited to the needed Cloudfw operations and confirm which account, region, and resources will be affected.