Aliyun Aicontent Generate
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent Alibaba Cloud AIContent management helper, but users should notice that it can use Alibaba Cloud credentials and perform cloud resource changes when directed.
This skill appears purpose-aligned for Alibaba Cloud AIContent administration. Before using it, configure a limited Alibaba Cloud AccessKey, verify the region and resource IDs for any mutation, and review or remove generated files under `output/aliyun-aicontent-generate/` if they contain sensitive cloud details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used, the agent may be able to access or modify Alibaba Cloud AIContent resources allowed by the configured credentials.
The skill directs use of Alibaba Cloud account credentials, including a local shared credentials file. This is expected for managing Alibaba Cloud AIContent, but it gives the agent delegated cloud-account authority.
AccessKey priority (must follow)
1) Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ...
2) Shared config file: `~/.alibabacloud/credentials`
Use a least-privilege Alibaba Cloud AccessKey limited to the needed AIContent operations, and avoid using broad administrator credentials.
A mistaken request or wrong resource identifier could change AIContent configurations or workflows in the user's Alibaba Cloud account.
The skill explicitly supports mutating Alibaba Cloud AIContent operations. This fits the stated management purpose, and the workflow also says to confirm region, resource identifiers, and desired action.
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Review the target region, resource IDs, and requested mutation before allowing create, update, modify, or set operations.
Local output files may retain details about cloud resources or generated-content jobs after the task is complete.
The skill stores local evidence files that may contain cloud resource identifiers, parameters, or summaries of API responses. This is disclosed and scoped to the skill output directory.
- Save artifacts, command outputs, and API response summaries under `output/aliyun-aicontent-generate/`.
- Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Check generated output files before sharing them, and delete them when they are no longer needed.
