Alibabacloud Alert Intent Router
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is a transparent Alibaba Cloud alert router, but it relies on cloud read permissions, local CMDB data, and separate diagnostic skills that users should verify.
Before installing, confirm that the three backend Alibaba Cloud diagnostic skills are trusted, configure only least-privilege read permissions for this router, protect the CMDB and intent-mapping files from untrusted edits, and review any generated remediation commands before running them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use an Alibaba Cloud profile or role to see ECS and VPC resource metadata across the account.
The router expects Alibaba Cloud account authority for resource discovery. The documented permissions are read-only and purpose-aligned, but they can read cloud inventory broadly.
本技能为**纯路由技能**,仅需要只读权限用于资源查询和信息收集 ... "Resource": "*"
Use a dedicated least-privilege RAM role/profile for this router and separately review the permissions required by each backend diagnostic skill.
Alert contents, instance IDs, region IDs, and diagnosis context may be shared with backend diagnostic skills.
The skill is designed to pass alert details and cloud resource identifiers to other installed skills. This is disclosed and central to the purpose, but data and permissions cross a skill boundary.
必须使用 **Skill 工具** 调用后端技能: Skill(skill: "<backend_skill_name>", args: "<传递给后端技能的参数>")
Install only trusted backend skills, verify their publishers and permissions, and avoid sending sensitive alert text unless those backend skills are approved.
The CMDB can contain sensitive infrastructure mappings, and incorrect or untrusted edits could cause wrong routing or misleading reports.
The optional CMDB file is persistent local context used to resolve resource names and relationships for routing and reports.
配置 CMDB 可以提供以下增强功能:- 业务名称到资源 ID 的映射 ... - 资源关联关系 ... - 自定义业务标签和分组
Restrict who can edit the CMDB and intent-mapping reference files, and review their contents before relying on automated diagnosis.
A user following the guide installs an external command-line tool that can later access Alibaba Cloud APIs using configured credentials.
The reference guide tells users how to install a latest Aliyun CLI binary into PATH. This is user-directed setup, not automatic execution, but it is not pinned or checksum-verified in the artifact.
wget https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz ... sudo mv aliyun /usr/local/bin/
Install Aliyun CLI from official sources, verify downloads where possible, and keep it updated under normal enterprise software controls.
Generated reports may include cloud-changing commands that could affect connectivity or access if a user runs them.
The report template encourages actionable remediation commands and includes an example that changes security group rules. The artifact frames these as recommendations, not commands to execute automatically.
处置建议应包含具体可执行的命令 ... aliyun ecs RevokeSecurityGroup
Treat remediation commands in reports as suggestions; review them manually and obtain approval before executing changes in Alibaba Cloud.