Alicloud DataWorks Skill

The skill's behavior and files match its stated purpose (managing Alibaba Cloud DataWorks), but the package metadata omits the credential and environment requirements the runtime instructions actually demand and contains inconsistent env-var names — this mismatch is suspicious and should be resolved before use.

This skill appears to be a legitimate Alibaba Cloud DataWorks integration, but the package manifest omits the sensitive credentials that the SKILL.md requires and the documentation shows inconsistent environment variable names. Before installing or granting access: (1) verify the npm package and GitHub repo referenced in references/sources.md are the official project and review their code; (2) do not provide full-production-wide keys—use least-privilege or temporary credentials (STS) scoped to DataWorks; (3) confirm which exact env var names your environment expects (ALICLOUD_* vs ALIBABA_CLOUD_); (4) keep credentials out of shared plaintext files where possible and inspect ~/.alibabacloud/credentials if used; (5) require explicit user confirmation for destructive operations as the SKILL.md suggests; and (6) ask the publisher to correct the registry metadata to list required env vars/primary credential so the permission surface is clear. If you cannot validate the MCP Server package source, avoid running it with privileged credentials.