Alibabacloud Dataworks Workspace Manage
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its DataWorks management purpose, but its setup guidance includes broad Alibaba Cloud permissions, including a permission it elsewhere says is prohibited.
Review the RAM permissions before installing or using this skill. Use a dedicated Alibaba Cloud RAM profile with only the listed necessary DataWorks actions, remove UpdateProject from any custom policy, avoid FullAccess unless truly required, and require explicit confirmation before creating workspaces or granting member roles.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with an Alibaba Cloud profile that has permission, the agent can create DataWorks workspaces and add or grant roles to members.
The skill’s intended function includes cloud mutations such as creating workspaces and changing member roles. This is purpose-aligned and disclosed, but users should notice the impact before allowing commands to run.
Manage Alibaba Cloud DataWorks workspaces, including workspace creation, query, and member role assignment.
Use a dedicated low-privilege RAM user/profile and confirm the region, workspace ID, user ID, and role codes before each mutating command.
A user following this policy example could give the agent or CLI profile authority to update DataWorks workspaces across all resources, even though the skill says updates should not be performed through it.
The custom RAM policy example grants UpdateProject and wildcard resource access even though the same artifact says UpdateProject is prohibited for this skill. This over-grants cloud authority beyond the stated allowed operations.
"Action": [ "dataworks:CreateProject", "dataworks:UpdateProject", "dataworks:GetProject", ... ], "Resource": "*"
Remove dataworks:UpdateProject from the custom policy, avoid broad FullAccess policies, and restrict Resource to the specific accounts, regions, or project IDs needed.
Installing from a live remote script or latest binary depends on Alibaba’s distribution endpoint and whatever version is served at install time.
The setup instructions include a user-directed remote installer for Aliyun CLI. This is expected for a CLI-based Alibaba Cloud skill, but it is an unpinned remote install path.
curl -fsSL --max-time 30 https://aliyuncli.alicdn.com/install.sh | bash
Prefer official package-manager installs where available, verify downloads according to Alibaba Cloud guidance, and install from trusted networks.
