Alibabacloud Dataworks Data Quality
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent read-only Alibaba Cloud DataWorks query skill, but it depends on local Aliyun CLI setup and cloud credentials, so users should verify the install source and use least-privilege access.
Before installing, make sure you are comfortable letting the agent use your configured Aliyun CLI identity for read-only DataWorks queries. Use a dedicated least-privilege RAM identity, verify any CLI/plugin installation steps, and be careful when displaying or sharing alert-rule details that may include recipients or webhook URLs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or updating the CLI/plugins can change local tooling and execute code from Alibaba Cloud distribution channels.
The skill asks for remote CLI/plugin installation and updates. This is consistent with an Aliyun CLI-based skill, but it downloads or updates executable components outside the skill package.
run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to install/update ... `aliyun configure set --auto-plugin-install true` ... [MUST] run `aliyun plugin update`
Install the Aliyun CLI from official documentation or a trusted package manager, verify the source, and avoid running remote install scripts in sensitive environments without review.
The agent can read DataWorks project, data quality monitor, rule, alert, run, and log metadata that the configured cloud identity is allowed to access.
The skill relies on Alibaba Cloud RAM permissions and existing CLI credentials. The listed actions are read-only, but the sample policy is broad across resources.
"Action": ["dataworks:ListProjects", "dataworks:ListDataQualityTemplates", "dataworks:GetDataQualityTemplate", ... "dataworks:GetDataQualityScanRunLog"], "Resource": "*"
Use a dedicated RAM user or role with only the listed read-only permissions and scope resources as narrowly as Alibaba Cloud supports.
Query results may expose alert recipients, user IDs, or webhook URLs in the chat transcript.
Read-only alert-rule queries can return recipient identities and webhook-style notification endpoints, which may be sensitive if displayed or shared broadly.
DataQualityAlertRule.Notification.Receivers[] ... Receiver types: `ShiftSchedule`, `WebhookUrl`, `FeishuUrl`, `TaskOwner`, `WeixinUrl`, `DingdingUrl`, `DataQualityScanOwner`, `AliUid`
Avoid sharing full alert receiver details unless needed; redact webhook URLs or recipient identifiers when copying results outside the trusted workspace.