Aliyun Dlf Manage

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent Alibaba Cloud Data Lake management skill, but it can use your Alibaba Cloud credentials to view or change cloud resources and save local response artifacts.

Install only if you intend to let the agent help manage Alibaba Cloud Data Lake resources. Configure least-privilege Alibaba Cloud credentials, verify the account and region before use, and explicitly approve any create, update, modify, or set operation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If broad credentials are available, the agent could make broad Alibaba Cloud Data Lake changes when carrying out user requests.

Why it was flagged

The skill may use Alibaba Cloud credentials, including local shared credentials. This is expected for managing Alibaba Cloud resources, but it gives the agent whatever cloud permissions those credentials have.

Skill content

AccessKey priority (must follow) ... Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` ... Shared config file: `~/.alibabacloud/credentials`

Recommendation

Use least-privilege Alibaba Cloud credentials, prefer task-specific keys or roles, verify the active region/account, and avoid using admin-level keys for routine tasks.

What this means

Incorrect actions could create, update, modify, or set Data Lake resources in the user's Alibaba Cloud account.

Why it was flagged

The skill is designed to perform mutating cloud API operations. That matches the management purpose, but mistaken parameters or insufficient confirmation could affect real cloud resources.

Skill content

Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.

Recommendation

Run list/describe calls first, review target resource IDs and regions, and require explicit confirmation before mutating operations.

What this means

Cloud resource identifiers, regions, time ranges, or response summaries may remain in local output files after the task.

Why it was flagged

The skill intentionally persists API outputs and key parameters locally. This is useful for reproducibility, but those files may contain sensitive cloud resource metadata.

Skill content

Save artifacts, command outputs, and API response summaries under `output/aliyun-dlf-manage/`. Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Recommendation

Review saved artifacts before sharing them, redact sensitive identifiers or data, and delete output files when they are no longer needed.