Alibabacloud Dms Data Agent Platform Setup
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a real Alibaba Cloud DMS provisioning skill, but review it carefully because it can create paid cloud resources and recommends broad cloud permissions.
Only use this skill with a dedicated, least-privilege Alibaba Cloud RAM role. Run a dry run first, then explicitly confirm billing mode, pay period, resource sizes, and endpoint exposure before setting DryRun=false. Avoid typing passwords into shell commands if possible, and review the CLI/plugin and Python dependency installation steps before running them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could provision prepaid cloud resources or endpoints with defaults they did not explicitly review.
When the user omits these fields, the helper fills prepaid billing and endpoint-related defaults. If DryRun is later set to false, those defaults can affect real cloud provisioning.
bodyArgItem("PayType", str, "PrePaid", ...); bodyArgItem("PayPeriod", int, 1, ...); bodyArgItem("EnableExtraEndpoint", bool, True, ...); bodyArgItem("OnlyIntranet", bool, False, ...)
Before running with DryRun=false, require explicit user confirmation of billing mode, pay period, resource sizes, and public versus intranet endpoint settings.
If the agent, CLI profile, or credentials are misused, broader DMS permissions could allow actions beyond this provisioning workflow.
The documented recommended policy is broader than the listed least-privilege actions such as dms:CreateDifyInstance and dms:ListInstances.
Grant the RAM user or role the system policy `AliyunDMSFullAccess` for full DMS operation permissions related to Dify instance provisioning.
Use a dedicated RAM role with the least-privilege actions listed in the skill, and avoid granting full DMS access unless truly necessary.
Database passwords could be exposed locally if entered directly into a shell command.
The example passes database, KV store, and vector database passwords in a command-line JSON argument. The code masks sensitive values in some errors/output, but command-line arguments can still appear in shell history or process listings.
"DbInstancePassword": "<password>", ... "KvStorePassword": "<password>", ... "VectordbPassword": "<password>"
Prefer a safer secret-entry method where possible, avoid saving commands containing passwords, and clear shell history if secrets are typed.
Installation or plugin updates could introduce supply-chain risk if the external sources or local environment are compromised.
The setup flow downloads or updates external CLI plugins and Python packages. This is expected for the Alibaba Cloud integration, and the Python requirements are version-pinned, but it still depends on external package/plugin sources.
aliyun configure set --auto-plugin-install true ... aliyun plugin update ... uv pip install --python .venv/bin/python -r scripts/requirements.txt
Install from trusted sources, review dependency versions, and run the setup in an isolated virtual environment as the skill suggests.
