Aliyun Ccai Manage

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent Alibaba Cloud Contact Center AI management helper, but it can use Alibaba Cloud credentials to make real cloud changes.

Install only if you intend to let the agent help manage Alibaba Cloud ContactCenterAI. Use a least-privilege Alibaba Cloud credential, verify the account/profile/region/resource IDs before any mutation, and review generated output files before sharing them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If broad Alibaba Cloud credentials are available, the agent could perform ContactCenterAI actions with those permissions.

Why it was flagged

The skill directs the agent to use Alibaba Cloud credentials, including a local shared credentials file. That is expected for Alibaba Cloud management, but it grants whatever account permissions those credentials have.

Skill content

Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`

Recommendation

Use least-privilege RAM credentials for only the needed ContactCenterAI actions, and explicitly confirm the Alibaba account, profile, region, and resource IDs before changes.

What this means

Mistaken parameters or an overly broad request could create, update, or reconfigure ContactCenterAI resources.

Why it was flagged

The skill authorizes mutating Alibaba Cloud API calls. This matches the management purpose and is paired with a confirmation workflow, but the operations can still change real cloud resources.

Skill content

Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.

Recommendation

Review planned API calls before execution, prefer describe/list checks first, and ask for explicit confirmation for create/update/modify/set operations.

What this means

Local output files may contain cloud resource details or other operational information that should not be shared casually.

Why it was flagged

The skill intentionally persists local evidence files that may include operational details such as resource IDs, regions, time ranges, and response summaries.

Skill content

Save artifacts, command outputs, and API response summaries under `output/aliyun-ccai-manage/`. Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Recommendation

Inspect generated output before sharing it, avoid saving secrets or customer data, and delete evidence files when they are no longer needed.

What this means

Users have less context for who maintains the skill or where to verify updates.

Why it was flagged

The registry information does not provide an upstream source or homepage. The included helper script is small and purpose-aligned, but provenance cannot be independently verified from the supplied metadata.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included files before use and prefer a trusted or internally reviewed copy for production cloud administration.