DashScope LLM
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a simple, disclosed DashScope API wrapper; users should know it uses their DashScope API key and sends the prompt to Alibaba Cloud.
This skill appears benign and narrowly scoped. Before using it, set a dedicated DashScope API key, make sure you are comfortable sending the prompt text to DashScope, and use a trusted installed version of the OpenAI Python package.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The request may consume the user's DashScope account quota or billing and uses whatever permissions that API key has.
The script reads a DashScope API credential from the environment. This is expected for calling DashScope, but users should notice that the registry metadata declares no required env vars or primary credential.
api_key=os.getenv("DASHSCOPE_API_KEY")
Use a dedicated, least-privilege DashScope API key and avoid running it in environments where unintended keys may be present.
Any text placed in the prompt is transmitted to DashScope/Alibaba Cloud for processing.
The code sends the user-provided message to DashScope's external OpenAI-compatible API. This is disclosed and purpose-aligned, but it is still an external data flow.
base_url="https://dashscope.aliyuncs.com/compatible-mode/v1" ... messages=[{"role": "user", "content": args.message}]
Do not send secrets, private documents, or regulated data unless the user's DashScope account and data-processing terms are appropriate.
Behavior depends on the OpenAI package version already installed in the environment.
The skill depends on an external Python package supplied by the user's environment, and the artifacts do not include a pinned dependency or install spec. There is no evidence of hidden installation or execution.
- the `openai` Python package installed
Install the OpenAI package from a trusted source and consider pinning a known-good version in the environment where this skill is used.
