Alicloud Security Content Moderation Green
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect or unintended use could alter moderation workflows or policies in the user's Alibaba Cloud account.
The skill explicitly supports mutating Alibaba Cloud Content Moderation resources and policies. This is purpose-aligned, but cloud configuration changes can have operational impact.
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Confirm the region, resource ID, intended action, and expected outcome before any create, update, modify, or set operation.
The agent may be able to inspect or change Alibaba Cloud Content Moderation resources according to the permissions on the configured credentials.
The skill is designed to use Alibaba Cloud credentials from environment variables or the local shared credentials file. This is expected for Alibaba Cloud API management, but it gives the agent delegated account access.
Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`
Use a least-privilege Alibaba Cloud credential limited to the required Content Moderation operations and avoid using broad administrator keys.
Generated output files may retain resource IDs, regions, time ranges, or moderation configuration summaries in the workspace.
The skill persists API summaries and operational identifiers to local files. This is useful for evidence and reproducibility, but those files may contain internal cloud resource details.
Save artifacts, command outputs, and API response summaries under `output/alicloud-security-content-moderation-green/`. Include key parameters (region/resource id/time range) in evidence files
Review generated files before sharing them and delete the output directory when the retained operational details are no longer needed.