Alibabacloud Ddos Security Monitor

Advisory

Audited by Static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can query DDoS-related assets, IPs, domains, traffic, and attack-event data from the configured Alibaba Cloud account.

Why it was flagged

This shows the workflow depends on an existing Alibaba Cloud CLI credential profile. That is expected for cloud DDoS inspection, but it gives the agent account-level read access within the configured RAM permissions.

Skill content

**Credentials required** — see [CLI Credential Setup](references/cli-setup.md). Run `aliyun configure list` to verify.

Recommendation

Use a dedicated least-privilege RAM sub-account with only the listed read-only Describe/List permissions, and do not paste access keys or secrets into the agent session.

What this means

Running the workflow may generate many read-only API calls and collect a broad DDoS asset inventory across regions.

Why it was flagged

The skill intentionally uses raw Aliyun CLI OpenAPI calls and mandates broad regional traversal. The calls are aligned with the monitoring purpose and appear read-only, but users should expect multiple account queries.

Skill content

This skill performs security inspection ... entirely through Aliyun CLI direct OpenAPI calls ... Final list >= 12 Regions. ALL must be traversed, NEVER break due to empty/error.

Recommendation

Review the requested product scope, time range, and regions before execution; monitor API rate limits and only run under an account intended for inspection.

What this means

If followed, local CLI software or plugins may be installed or updated from the network.

Why it was flagged

The setup guidance includes a remote shell installer and automatic plugin installation/update. This is user-directed and relevant to using Aliyun CLI plugins, but it relies on external installation sources.

Skill content

curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash ... aliyun configure set --auto-plugin-install true ... aliyun plugin update

Recommendation

Install Aliyun CLI from official sources you trust, avoid running remote scripts blindly, and consider reviewing or using package-manager/GitHub release installation paths where appropriate.

What this means

If cleanup is interrupted, Aliyun CLI AI-mode could remain enabled after the inspection session.

Why it was flagged

The workflow changes Aliyun CLI AI-mode state and relies on cleanup at every exit path. The behavior is disclosed and includes a disable step, but it is a persistent local CLI setting users should notice.

Skill content

Enable before any CLI invocation, disable at EVERY exit point: `aliyun configure ai-mode enable` ... `aliyun configure ai-mode disable`

Recommendation

After use, run or verify `aliyun configure ai-mode disable`; also review any persistent CLI settings such as auto plugin install if you do not want them retained.