ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Sls Log Query

v1.0.0

Use when querying or troubleshooting logs in Alibaba Cloud Log Service (SLS) using query|analysis syntax and the Python SDK. Use for time-bounded log search,...

0· 29·0 current·0 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description (SLS log query) matches the code and SKILL.md, which use the aliyun Python SDK and expect SLS endpoints and logstore names. However the registry/metadata claims no required environment variables or primary credential, while both SKILL.md and the two Python scripts require ALIBABA_CLOUD_ACCESS_KEY_ID, ALIBABA_CLOUD_ACCESS_KEY_SECRET, SLS_ENDPOINT, SLS_PROJECT, and SLS_LOGSTORE. That metadata omission is an incoherence and reduces transparency.
Instruction Scope
Runtime instructions and scripts limit actions to querying Alibaba Cloud SLS (via the official SDK), printing JSON rows, and writing validation/evidence files under output/aliyun-sls-log-query/. The SKILL.md asks users to include region/resource IDs/time ranges in evidence, which may put sensitive environment identifiers and log contents into disk artifacts — expected for a log tool but worth noting.
Install Mechanism
There is no install spec in the registry; SKILL.md instructs installing the official aliyun-log-python-sdk via pip. No third-party download URLs or archive extraction are used. This is a low-risk, expected install approach.
!
Credentials
The environment and credential access the scripts require (ALIBABA_CLOUD_ACCESS_KEY_ID/SECRET and SLS_* vars) are appropriate for querying SLS, but the package metadata does not declare them (primaryEnv is none). Asking for long-lived cloud credentials is inherently sensitive — the skill should declare these requirements explicitly and recommend least-privilege/read-only keys or temporary STS tokens.
Persistence & Privilege
The skill is not always-on, does not request system-wide config changes, and contains no installer that writes persistent agent-wide configuration. It does not modify other skills or request elevated persistence.
What to consider before installing
This skill's code and documentation expect Alibaba Cloud SLS credentials and SLS_* environment variables, but the registry metadata doesn't declare them — treat that as a transparency issue. Before installing: (1) verify the skill owner/source (unknown/homepage absent); (2) do not provide high-privilege or long-lived account keys — create a least-privilege/read-only SLS user or use temporary STS credentials; (3) review logs the scripts will print/save (they may include sensitive fields) and ensure output/aliyun-sls-log-query/ is handled securely; (4) if you need to install, run the provided py_compile validation in an isolated environment and inspect the installed aliyun-log-python-sdk package version; (5) prefer storing credentials in your platform's secret store rather than plain env vars when possible. The primary issue is metadata mismatch (undeclared required credentials) rather than suspicious code behavior, but exercise caution because the skill will receive access to your SLS data if you provide credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk970sbf7z06zzegcyy5ny48q4184230h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments