Alibabacloud Dataworks Infra Manage
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate Alibaba Cloud DataWorks management skill, but it can use your existing cloud credentials to create or bind billable resources and handle database secrets.
Install only if you are comfortable letting the agent help operate Alibaba Cloud DataWorks through your Aliyun CLI credentials. Use a least-privilege RAM identity, confirm the active account/profile and workspace before every write, and avoid exposing real database passwords in chat or shell history.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong Aliyun profile or an overly privileged account is active, the agent could create or bind cloud resources, affect DataWorks workspaces, or incur costs.
The skill operates through the user's existing Alibaba Cloud CLI identity and may require billing/order and VPC permissions. The instructions do not clearly require confirming the active Aliyun account/profile before write operations.
Credential status: `aliyun configure list`, verify valid credentials exist ... All operations require `dataworks:<APIAction>` permissions. Creating resource groups additionally requires `AliyunBSSOrderAccess` and `vpc:DescribeVpcs`, `vpc:DescribeVSwitches`.
Before use, confirm the active Aliyun profile, account, region, project/workspace, and use a least-privilege RAM role limited to the intended DataWorks APIs.
The agent can make real changes to DataWorks infrastructure when you approve the operation.
These write APIs can mutate cloud infrastructure. The behavior is aligned with the skill's purpose and the skill includes confirmation gates, but users should recognize the impact.
Allowed Write APIs: `CreateDataSource`, `CreateComputeResource`, `CreateResourceGroup`, `AssociateProjectToResourceGroup`, `DissociateProjectFromResourceGroup`, `TestDataSourceConnectivity`
Review every generated command and confirm workspace, region, resource group, and environment before allowing write operations.
Database passwords could be exposed in chat transcripts, CLI arguments, shell history, or logs if entered directly.
Creating DataWorks data sources often requires database usernames and passwords in connection properties. This is expected for the integration, but these are sensitive credentials.
"username": "root", "password": "<PASSWORD>"
Avoid pasting real secrets into chat when possible, use placeholders until final execution, and rotate any credential that may have been exposed.
A compromised or unexpected CLI/plugin download could execute code on the user's machine.
The setup guidance downloads the latest CLI binary and enables automatic plugin installation. This is purpose-aligned, but it is unpinned and depends on external download/plugin provenance.
wget https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz ... sudo mv aliyun /usr/local/bin/ ... aliyun configure set --auto-plugin-install true
Install Aliyun CLI from official sources, verify checksums or signatures where available, and understand what plugins are being installed.