Skill v0.0.1
ClawScan security
Alibabacloud Ddoscoo Intercept Query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 30, 2026, 2:02 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions are coherent with its stated purpose (querying Alibaba Cloud DDoS Pro intercept logs via the Aliyun CLI and SLS); required permissions and actions align with that goal, with only a few operational notes to watch for.
- Guidance
- This skill appears to do what it says: it queries Alibaba Cloud DDoS Pro and SLS logs via the Aliyun CLI and produces an analysis. Before using it, ensure you: (1) run it in an environment with appropriate Alibaba Cloud credentials (use a least-privilege RAM user or STS token, not root keys); (2) review and grant only the RAM permissions listed in references/ram-policies.md; (3) be aware the skill will ask you to enable AI-mode and may install CLI plugins (these change your local Aliyun CLI config and download code from Alibaba's distribution servers) — verify AI-mode is disabled at exit; (4) do not paste AK/SK into chat — configure credentials outside this session; and (5) if you rely on the helper script, note it masks many sensitive fields but may print raw CLI output in error cases (review that behaviour if logs may contain secrets). If any of those points are unacceptable, do not install/run the skill until addressed.
Review Dimensions
- Purpose & Capability
- ok: The skill is designed to query DDoS Pro intercepts using the Aliyun CLI and SLS logs. The included Python script invokes `aliyun sls get-logs` and the documentation lists the exact ddoscoo and sls APIs required. No unrelated credentials, binaries, or external services are requested in the metadata — authentication is via the Aliyun CLI credential chain as expected.
- Instruction Scope
- note: SKILL.md stays on-scope: it enumerates discovery, SLS log querying, rule analysis, and (with explicit confirmation) limited rule disable operations. The doc enforces user confirmation for any change and forbids printing AK/SK. Minor operational caveats: the Python script prints raw CLI output (first 200 chars) in some error paths which could contain sensitive log content; the script attempts masking of known sensitive fields but a JSON parse failure path prints raw output. Reviewers should be aware of that small leakage risk.
- Install Mechanism
- note: There is no packaged install spec in the registry (instruction-only + a helper script). However, the runtime instructions require the Aliyun CLI (>=3.3.3) and ask to enable auto-plugin-install and install the SLS plugin using the CLI. Those CLI plugin installs will download code via Alibaba's distribution (aliyuncli.alicdn.com) — expected for this functionality, but they are performed outside the skill metadata and will modify the local CLI installation.
- Credentials
- ok: The skill requests no extra environment variables in metadata and relies on the Aliyun CLI credential chain (AK/STSToken/RAM role/etc.). The referenced RAM permissions are appropriate for discovering instances, reading SLS logs, and (optionally, with explicit user consent) toggling rules. The set of required ddoscoo/log permissions is proportional to the described tasks.
- Persistence & Privilege
- note: always:false and the skill has no persistent install behavior in the registry. Operationally, the instructions require enabling 'AI-Mode' and setting a User-Agent in the global Aliyun CLI config and enabling auto-plugin-install — these are global CLI configuration changes that the SKILL.md mandates be reverted (disable AI-mode) at every exit. This is legitimate for the skill's operation but you should verify AI-mode is disabled after runs and consider that auto-plugin-install will allow the CLI to fetch plugins.
