ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Cloudfw Manage

v1.0.0

Use when managing Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK, including the user requests firewall policy/resource operations, change management,...

0· 27·0 current·0 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (manage Alibaba Cloud CloudFW) legitimately requires Alibaba Cloud credentials and region information. However, the registry metadata lists no required env vars, primary credential, or config paths even though SKILL.md explicitly prioritizes ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID and ~/.alibabacloud/credentials. This mismatch is incoherent: someone building this skill should declare those requirements.
!
Instruction Scope
SKILL.md instructs the agent to use environment variables and a shared credentials file (~/.alibabacloud/credentials), to call SDK/OpenAPI (including mutating Create/Update/Modify APIs), and to write artifacts under output/aliyun-cloudfw-manage/. Those instructions are reasonable for a CloudFW manager, but they reference reading credentials and potentially performing mutations while the package metadata does not surface or restrict those capabilities. The script included only fetches public API metadata from api.aliyun.com (expected).
Install Mechanism
No install spec — instruction-only plus a small Python script that fetches metadata from the official api.aliyun.com endpoints. No remote, untrusted binary downloads or extraction. Low install risk.
!
Credentials
The credentials requested in SKILL.md (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional ALICLOUD_REGION_ID) are proportional to the stated purpose. The problem is they are not declared in the skill metadata (requires.env / primaryEnv) and the skill instructs reading ~/.alibabacloud/credentials without declaring that config path. This omission makes it unclear to users/administrators what secrets the skill will use or require.
Persistence & Privilege
always is false and the skill does not request system-wide modification or persistent elevated privileges. The agent can invoke the skill autonomously by default (disable-model-invocation is false), which is platform-standard; combine this with the credential mismatch and you should be cautious about allowing autonomous runs that could perform mutating API calls.
What to consider before installing
Before installing or enabling this skill: (1) Require the publisher to update the skill metadata to declare the exact required env vars (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID) and the config path (~/.alibabacloud/credentials) so the platform can surface permission prompts. (2) Only provide least-privilege Alibaba Cloud credentials (narrow IAM policy) and test with read-only credentials first. (3) Review and run the included script locally to verify behavior (it fetches public metadata from api.aliyun.com). (4) If you allow autonomous invocation, restrict or audit mutating operations (Create/Update/Modify) — consider disabling autonomous invocation until metadata/behavior is clarified. (5) If the publisher cannot justify the missing metadata, treat the omission as a red flag and avoid giving credentials or enabling the skill for production use.

Like a lobster shell, security has layers — review code before you run it.

latestvk974xq2xyw62j3h4ybqtxyb0y9842e6b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments