ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Dataworks Workspace Manage

v0.0.2

DataWorks Workspace Lifecycle Management Skill. Used for creating workspaces, querying workspace information, and adding workspace members with role authoriz...

0· 46·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the content: all files focus on DataWorks workspace creation, queries, and member role assignments. Requiring the Aliyun CLI to perform these actions is coherent. However, the skill metadata claims no required env vars or config paths while the runtime docs repeatedly reference ~/.aliyun/config.json, environment variables (ALIBABA_CLOUD_*), and credential configuration — an undeclared but required dependency (implicit credential access) that should have been declared in metadata.
!
Instruction Scope
The SKILL.md instructs using the Aliyun CLI and to rely on the default credential chain (env vars, config file, ECS role). It also explicitly forbids generating CLI commands for certain high-risk operations (UpdateProject, DeleteProject, DeleteProjectMember, RevokeMemberProjectRoles). However, there are conflicting bits: installation/config docs include examples showing AK/SK configuration and a 'Create Custom Policy' example (in references/ram-policies.md) that unexpectedly contains dataworks:UpdateProject (a prohibited operation). This contradiction could lead operators to grant permissions the skill says it must never use. The instructions also require setting request-level parameters (User-Agent, 4s timeout, explicit endpoint) that an agent may not be able to enforce consistently.
Install Mechanism
The registry contains no formal install spec (instruction-only), which is low-risk. The included CLI installation instructions advise downloading from aliyuncli.alicdn.com and show curl | bash and wget + tar flows — those are standard official installers hosted on Alibaba's CDN, but download-and-exec patterns (curl | bash) are inherently higher-risk if users don't verify the source. No third-party or obfuscated URLs are used.
!
Credentials
The skill metadata declares no required env vars or config paths, yet the docs rely on credentials via the Aliyun default credential chain (environment variables like ALIBABA_CLOUD_ACCESS_KEY_ID/SECRET, ~/.aliyun/config.json, or ECS RAM role). That implicit access to sensitive credentials is not declared. Also, example guidance shows how to configure AK/SK and environment variables, increasing the chance that users will provide long-lived keys; the skill should have declared credential needs explicitly and recommended least-privilege (RAM policies) rather than providing conflicting policy examples.
Persistence & Privilege
The skill is instruction-only, always:false, does not request permanent platform-level presence, and does not modify other skills. It does advise setting `aliyun configure set --auto-plugin-install true`, which modifies the user's CLI config (plugin auto-install behavior) but is scoped to the CLI and not to the agent platform. No 'always: true' or other elevated platform privileges are requested.
What to consider before installing
This skill appears to implement DataWorks workspace management via the official Aliyun CLI, but review before installing: 1) The skill needs your Alibaba Cloud credentials (via environment variables, ~/.aliyun/config.json, or an ECS role) even though the registry metadata lists none — only install it if you understand which credentials the agent will use. 2) Use a dedicated RAM user with the minimum DataWorks permissions (member management + read + create as needed); avoid root account keys and avoid granting UpdateProject/DeleteProject/DeleteProjectMember/RevokeMemberProjectRoles. 3) Be cautious about running the suggested installer commands (the docs use curl | bash) — verify downloads and prefer package manager installs if possible. 4) Note a documentation inconsistency: a sample 'Create Custom Policy' in references/ram-policies.md includes dataworks:UpdateProject (a prohibited action). Before using the skill, correct that policy example (remove prohibited actions) and confirm the exact RAM policy you will grant. 5) If you want stronger safety, run the CLI commands yourself (not via the agent) or provide the agent only temporary, narrowly scoped STS credentials and audit activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk970v6f5hrqypg2cz26s8bzyed843w9e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments