ClawHub

Alibabacloud Cli Guidance

v0.0.1

Guide users to manage Alibaba Cloud resources using the Aliyun CLI command-line tool. Covers CLI installation, credential configuration, plugin management, c...

1· 50·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the content: the files are extensive guidance for installing, configuring, and using the Aliyun CLI and RAM policies. The instructions reference only Alibaba Cloud concepts, CLI plugins, and the expected environment variables for the CLI.
Instruction Scope
SKILL.md instructs the user to set sensitive environment variables (ALIBABA_CLOUD_ACCESS_KEY_ID, ALIBABA_CLOUD_ACCESS_KEY_SECRET, ALIBABA_CLOUD_SECURITY_TOKEN, etc.) and to run CLI commands that may read local files (e.g., --body-file). This is appropriate for a CLI guidance skill, but users should be aware the skill explicitly tells them to export credentials and run commands that touch local config files.
Install Mechanism
The skill has no install spec (instruction-only). However, the guide recommends executing a remote installer via curl|bash and provides direct download URLs hosted on aliyuncli.alicdn.com (Alibaba's CDN). The host appears legitimate for the product, but recommending curl | bash is inherently higher-risk — users should inspect the script before running and prefer package managers or signed releases when possible.
Credentials
The skill does not declare required env vars in metadata but the content legitimately documents and asks users to set Alibaba Cloud credential and region environment variables needed for CLI operation. The sensitive variables requested are proportional to the stated goal (CLI usage) and are standard for the service.
Persistence & Privilege
The skill is instruction-only (no code written to disk by the package) and is not always-enabled. It does not request permanent platform privileges or modify other skills’ configurations. The only persistence risk arises from following installer instructions (which may write binaries/config to the host) — expected for installing a CLI.
Assessment
This skill is a documentation/guide for the Aliyun CLI and is coherent with that purpose. Before following instructions: (1) inspect any remote install script (the guide recommends running a setup script from aliyuncli.alicdn.com) instead of blindly piping curl into bash; prefer package managers or verified binaries if available; (2) prefer OAuth or temporary STS tokens over long-lived access keys when possible; (3) store keys securely (CI secret stores, environment variables in ephemeral jobs), do not paste them into shared channels, and follow least-privilege RAM policies; (4) be aware the guide contains examples that read local files (e.g., --body-file) and instruct setting environment variables — only do this in trusted environments; (5) if you want additional assurance, verify download URLs and checksums on the official Alibaba Cloud site or use Homebrew/npm packages where supported.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cz21ngbhawnhh49e8639e8h83w6yt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments