Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alibabacloud Dataworks Data Ops
v0.0.1
DataWorks Operations Center assistant for task and workflow operations, alert rule creation and management. Covers troubleshooting, failure recovery, baselin...
by alibabacloud-skills-team@sdk-team
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is described as a DataWorks Operations assistant and its runtime instructions consistently use the official aliyun CLI and DataWorks APIs — those requirements are coherent with the stated purpose. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md clearly requires Alibaba Cloud credentials (via a configured aliyun profile or environment variables) and two timeout env vars (ALIBABA_CLOUD_CONNECT_TIMEOUT, ALIBABA_CLOUD_READ_TIMEOUT). This mismatch between metadata and instructions is an inconsistency that should be resolved.
Instruction Scope
SKILL.md confines actions to DataWorks-related CLI calls, parameter confirmation, and permission checks; it explicitly forbids printing or asking for AK/SK in-chat and requires credential configuration outside the session. The instructions do reference an external helper skill (ram-permission-diagnose) for permission problems. No instructions ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec or code). The included installation documentation points to the vendor's aliyuncli distribution (aliyuncli.alicdn.com) and standard Homebrew usage — these are expected and lower-risk than arbitrary download hosts. The SKILL.md does require enabling automatic plugin installation in the CLI, which can pull plugins at runtime (network activity) and is worth noting.
Credentials
The skill requires Alibaba Cloud credentials and specific timeout environment variables according to SKILL.md, but the registry metadata declares none (primary credential: none). The recommended RAM policy in references/ram-policies.md uses Resource: "*" by default (broad). Even though the SKILL.md advises least privilege, the current documentation and metadata do not enforce or declare a scoped primary credential — this gap increases risk and user confusion. Also: the CLI installation guide includes examples showing how to set access keys; ensure you set credentials locally and do not paste secrets into the conversation.
Persistence & Privilege
always:false (default) and there are no install scripts altering other skills or system-wide agent settings. The skill does instruct enabling CLI auto-plugin-install, which may cause the CLI to fetch plugins as needed, but the skill itself does not request persistent elevated platform privileges.
What to consider before installing
This skill appears to do what it says (operate DataWorks via the aliyun CLI), but there are a few things to check before installing:
1) Metadata omission — SKILL.md requires ALIBABA_CLOUD_CONNECT_TIMEOUT and ALIBABA_CLOUD_READ_TIMEOUT and an authenticated aliyun profile, but the registry lists no required env vars/credentials; confirm the platform will surface and protect the credentials you actually provide.
2) Configure credentials locally (aliyun configure or environment variables) and never paste AK/SK into chat; the SKILL.md forbids printing secrets — follow that.
3) The recommended RAM policy example uses Resource: "*"; narrow the policy to the project/workspace you want, to limit blast radius.
4) The CLI auto-plugin setting can cause network downloads at runtime — if you must restrict outbound fetches, review and control plugin installation separately.
5) Source unknown / no homepage: consider whether you trust an instruction-only skill with no clear publisher; if in doubt, run the described commands manually in a terminal first to validate behavior and outputs.
