Back to skill
Skillv0.0.1-beta.2
VirusTotal security
Alibabacloud Dataworks Data Quality · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 2:16 AM
- Hash
- c53b92734110ecd7fdb1e838fe2eb058ce06297b70b57388149ae9af540e57aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alibabacloud-dataworks-data-quality Version: 0.0.1-beta.2 The skill bundle provides read-only access to Alibaba Cloud DataWorks but contains high-risk instructions and potential vulnerabilities. Specifically, SKILL.md and references/cli-installation-guide.md instruct the AI agent to execute 'curl | bash' from a remote URL (aliyuncli.alicdn.com) to install or update the Aliyun CLI, which is a high-risk execution pattern. Additionally, the skill constructs shell commands using user-provided parameters (e.g., ProjectId, Table, Name) without explicit instructions for input sanitization, creating a risk of shell injection. While these capabilities are plausibly needed for the stated purpose and include some safeguards (like a read-only gate), the combination of remote script execution and unsanitized command construction meets the threshold for a suspicious classification.
- External report
- View on VirusTotal