Alibabacloud Cfw Ips Event
v0.0.1
Query and analyze security events and alerts detected by Alibaba Cloud Firewall IPS (Intrusion Prevention System), helping quickly locate threats and provide...
by alibabacloud-skills-team@sdk-team
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions and referenced APIs. The SKILL.md consistently instructs using the Aliyun CLI (cloudfw) and the documented API names match the Cloud Firewall product scope (DescribeRiskEventStatistic, DescribeRiskEventGroup, etc.). No unrelated services, binaries, or unusual permissions are requested.
Instruction Scope
Instructions are narrowly scoped to running specific `aliyun cloudfw ...` commands, validating parameters, checking CLI version and credential/profile presence, and verifying RAM permissions. The skill explicitly forbids reading workspace files or asking the user for raw AK/SK in chat. It also requires permission checks before executing commands.
Install Mechanism
No install spec or code is included; this is instruction-only. The included CLI installation guide references official Aliyun download URLs. No arbitrary downloads, extract steps, or third-party packages are embedded in the skill.
Credentials
The skill requires Alibaba Cloud credentials (a configured Aliyun CLI profile, STS, ECS role, or env vars) and specific read-only RAM permissions — which are appropriate for its purpose. However, the skill bundle metadata lists no required env vars or primary credential field; the dependency on user-side CLI credentials is only documented inside SKILL.md. This is coherent but worth noting so users understand credentials must be present in their environment (and should not be provided in chat).
Persistence & Privilege
The skill does not request always:true or any elevated persistent presence, does not modify other skills or system-wide agent settings, and is user-invocable. Autonomous invocation is allowed (platform default) but there are no extra privileges combined with that behavior.
Assessment
This skill appears to do only what it claims: run Aliyun CLI cloudfw read-only commands to analyze IPS alerts. Before installing, ensure you: (1) have Aliyun CLI >= 3.3.1 and a valid CLI profile or ECS RAM role locally configured (do not paste AK/SK into chat), (2) grant only the minimal read-only RAM permissions listed in references/ram-policies.md (AliyunYundunCloudFirewallReadOnlyAccess is suggested), and (3) verify the skill's behavior by running `aliyun configure list` and a harmless test command (e.g., DescribeRiskEventStatistic) yourself. The only minor mismatch: the package metadata doesn't declare required credentials even though the SKILL.md requires a configured CLI profile — that's informational, not malicious. If you are uncomfortable, run the CLI commands manually rather than allowing autonomous agent execution.
Like a lobster shell, security has layers — review code before you run it.
