Aliyun Pts Manage

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Alibaba Cloud PTS management helper, but it uses cloud credentials and can start or stop performance tests, so users should apply normal change-control safeguards.

Install dependencies in an isolated environment, use least-privilege temporary Alibaba Cloud credentials, run read-only discovery first, and require explicit confirmation of region, scene ID, change window, and stop plan before starting or stopping any PTS test.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run against the wrong region or scene, a load test could affect systems or incur cost.

Why it was flagged

The script can start a PTS scene, which is a real cloud-side mutating operation. This matches the skill purpose and requires a specific scene ID, but it can still create traffic, cost, or service impact.

Skill content

start_resp = client.start_pts_scene(pts_models.StartPtsSceneRequest(scene_id=args.scene_id))

Recommendation

Confirm the region, scene ID, owner, change window, and stop/rollback plan before any start or stop operation.

What this means

The skill can act with whatever Alibaba Cloud permissions the supplied credentials have.

Why it was flagged

The skill expects Alibaba Cloud account credentials or a shared credential file. That is appropriate for PTS management, but it is sensitive authority and the registry metadata lists no primary credential.

Skill content

`ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` ... Shared credentials file: `~/.alibabacloud/credentials`

Recommendation

Use a least-privilege RAM user or temporary STS credentials scoped to the needed PTS actions, and avoid using root or broad account credentials.

What this means

A future package update could change behavior or introduce dependency risk.

Why it was flagged

The setup instructions install latest-version SDK packages rather than pinned versions. This is common for SDK-based skills but means dependency contents may change over time.

Skill content

python -m pip install -U alibabacloud_pts20201020 alibabacloud_tea_openapi

Recommendation

Install in a virtual environment and consider pinning vetted SDK versions for production use.

What this means

Local output files may reveal cloud resource details if shared or committed accidentally.

Why it was flagged

The skill persistently stores operation evidence and API summaries locally. This is disclosed and scoped, but those files may contain resource IDs, report details, or operational context.

Skill content

Save artifacts, command outputs, and API response summaries under `output/aliyun-pts-manage/`.

Recommendation

Review and protect the output directory, and avoid sharing generated files without checking for sensitive identifiers or operational data.