Aliyun Ecs Manage
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Alibaba Cloud ECS management skill, but it should be reviewed carefully because it can use cloud credentials to change resources and run arbitrary commands on ECS instances.
Install only if you intend to let the agent manage Alibaba Cloud ECS. Use least-privilege RAM credentials, prefer read-only permissions for inventory tasks, require explicit approval before lifecycle, security-group, disk, snapshot, or remote-command actions, and pin the SDK dependencies in a virtual environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user runs the wrong command, it could alter or damage a cloud server, stop services, or expose sensitive command output.
The utility exposes arbitrary shell or PowerShell execution on a selected ECS instance through Alibaba Cloud Assistant. This is purpose-aligned for troubleshooting, but high-impact and not constrained by an allowlist, dry-run mode, or in-script approval.
`parser.add_argument("--command", required=True, help="Shell command text, e.g. 'ps -ef'") ... command_content=args.command ... run_resp = client.run_command(run_req)`
Require explicit user approval for each remote command, review the exact instance and command text before execution, and consider adding confirmations or safe-command allowlists.
The skill may use active Alibaba Cloud credentials in the environment to list, change, or command ECS resources depending on the RAM permissions granted.
The scripts use Alibaba Cloud access keys and optional security tokens from the environment. The registry metadata declares no required environment variables or primary credential, so the credential boundary is under-declared for a high-impact cloud management skill.
`ak = os.getenv("ALICLOUD_ACCESS_KEY_ID") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID") ... config.access_key_secret = sk`
Declare the credential requirements clearly, use a least-privilege RAM role or temporary token, and separate read-only inventory credentials from credentials allowed to mutate resources or run commands.
Future package changes or dependency confusion could affect what code is installed in the execution environment.
The setup guidance installs SDK packages from the package index without pinned versions. This is expected for an SDK-based cloud skill, but it leaves dependency versions to be resolved at install time.
`python -m pip install alibabacloud_ecs20140526 alibabacloud_tea_openapi alibabacloud_credentials`
Install in a virtual environment, pin known-good package versions, and prefer a reviewed requirements file or lockfile.
Saved outputs could reveal instance IDs, network layout, process lists, or other server details if shared or reused carelessly.
The skill intentionally stores infrastructure inventory and decoded remote-command output as local evidence files. This is useful for the stated purpose, but those files may contain sensitive operational details.
Save list/summarize outputs under `output/aliyun-ecs-manage/` ... Decode base64 stdout and save normalized JSON evidence.
Store outputs in a protected location, redact secrets before sharing, and avoid running commands that print credentials or sensitive data.
