Aliyun Ccc Manage
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is a coherent Alibaba Cloud CCC management helper, but users should be aware it can use cloud credentials and guide account-changing API operations.
This skill appears safe for its stated purpose if you intend to manage Alibaba Cloud CCC. Before using it, configure a least-privilege Alibaba Cloud AccessKey, verify the target region and resource IDs, and carefully approve any operation that creates, updates, modifies, or sets cloud resources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on the wrong region, instance, or resource, the agent could change cloud call-center configuration.
The skill explicitly supports cloud API mutation operations. This is purpose-aligned for CCC management, but such actions can change live Alibaba Cloud call-center resources.
Call API with SDK or OpenAPI Explorer... Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Use least-privilege credentials and require clear user confirmation for any mutating API call, including the region, resource ID, and expected change.
The agent may act with whatever Alibaba Cloud permissions are available through those credentials.
The skill instructs the agent to use Alibaba Cloud credentials from environment variables or the local shared credential file. That is expected for Alibaba Cloud API management, but it is sensitive account authority.
AccessKey priority... Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID`... Shared config file: `~/.alibabacloud/credentials`
Provide a dedicated, least-privilege AccessKey limited to the intended CCC resources and avoid using broad administrator credentials.
Local output files could reveal CCC configuration details or resource identifiers to anyone with access to the workspace.
The skill asks to persist operation evidence and API response summaries locally. This is useful for reproducibility, but those files may contain cloud resource identifiers or operational details.
Save artifacts, command outputs, and API response summaries under `output/aliyun-ccc-manage/`. Include key parameters (region/resource id/time range) in evidence files
Review saved outputs before sharing them, and remove or redact sensitive resource identifiers, timestamps, or response details when no longer needed.