alibaba devops
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a DevOps connector, but it relies on unpinned MCP software fetched and run through npm, requires an undeclared Alibaba Cloud DevOps access token, and exposes broad abilities to change code, pipelines, deployments, and project membership.
Install only if you trust the npm packages and are comfortable letting an agent use a Yunxiao access token for broad DevOps operations. Prefer a least-privilege token, pin or verify package versions, and require manual approval before any delete, deploy, pipeline-run, membership, or ownership-change action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may download and execute whatever npm currently serves for those packages, and that code could receive the user's DevOps token.
The skill directs runtime execution of unpinned npm packages via npx -y and passes the DevOps token into that runtime, while no reviewed code or install specification is supplied.
`npx -y mcporter call --stdio "npx -y alibabacloud-devops-mcp-server" --env YUNXIAO_ACCESS_TOKEN=your-token <tool_name> ...`
Verify the npm packages and publisher, pin known-good versions, and prefer a reviewed install spec or lockfile before providing a real access token.
The agent may act through the user's Alibaba Cloud DevOps identity and access organization, repository, pipeline, and project resources allowed by that token.
The skill requires an Alibaba Cloud DevOps access token, but the registry metadata lists no required environment variables or primary credential, under-disclosing the account authority needed.
`YUNXIAO_ACCESS_TOKEN`: Yunxiao access token (required)
Use a least-privilege token limited to the intended organization and projects, declare the credential requirement explicitly, and avoid tokens with administrative or production deployment rights unless necessary.
A mistaken or over-broad agent action could delete repository content, run or change pipelines, affect deployments, or change access ownership in a DevOps organization.
The documented tool list includes destructive and high-impact mutations across repositories, pipelines, deployments, and resource ownership, without documented approval or scoping controls.
`delete_file` | Delete file ... `update_pipeline` | Update pipeline configuration ... `create_pipeline_run` | Run pipeline ... `update_resource_owner` | Transfer resource owner
Require explicit user confirmation for destructive, deployment, membership, and ownership actions; default to read-only use where possible and scope each operation to a named organization, project, repository, or pipeline.
