Alibabacloud Bailian Rag Knowledgebase
Security checks across malware telemetry and agentic risk
Overview
The skill mostly matches its Alibaba Cloud knowledge-base retrieval purpose, but it asks for local cloud credentials and a full-access Bailian policy that is broader than the read/retrieve behavior shown.
Install only if you are comfortable connecting the agent to Alibaba Cloud. Use a least-privilege RAM user instead of broad FullAccess where possible, verify the missing package manifest/dependencies before running npm install, and treat retrieved knowledge-base text as untrusted data rather than agent instructions.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may grant this skill's credential more cloud authority than is necessary for knowledge-base retrieval.
The skill uses local Alibaba Cloud credentials and asks the user to grant a full Bailian access policy, which exceeds the read/list/retrieve behavior shown in the scripts.
SDK will automatically read credential configuration from `~/.aliyun/config.json` or `~/.acs/credentials` ... select **AliyunBailianFullAccess** and **AliyunModelStudioReadOnlyAccess**
Prefer a least-privilege RAM policy limited to workspace listing, knowledge-base listing, and retrieval actions where possible, and avoid using high-privilege Alibaba Cloud credentials.
Dependency installation may be ambiguous or fail, and users cannot verify the intended pinned dependency set from the provided artifacts.
SKILL.md instructs `npm install` and refers to dependencies defined in package.json, but package.json is not present in the provided manifest.
6 file(s): SKILL.md, references/ram-policies.md, scripts/check_env.js, scripts/list_indices.js, scripts/list_workspace.js, scripts/retrieve.js
Verify the package manifest and exact dependency versions before running npm install, and run setup only in the intended skill directory.
The skill can execute a local npm command during environment checking.
The environment checker invokes a shell command, but the command argument comes from a hardcoded package list rather than user input.
execSync(`npm list ${pkg}`, { stdio: 'pipe' });
Run the check only from a trusted local directory and review local npm configuration if concerned.
Private knowledge-base content may be exposed in the conversation, and retrieved text should not be treated as trusted instructions.
Retrieved knowledge-base text is returned into the agent/user context, which is expected for a RAG tool but may include sensitive or instruction-like document content.
chunks: nodes.map(n => ({ content: n.text, score: n.score, doc_name: n.metadata?.doc_name || '', title: n.metadata?.title || '' }))
Use this only with knowledge bases the user is allowed to query, and treat retrieved passages as data rather than commands for the agent to follow.
