Alibabacloud Dts Task Query

Pass. Audited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill
Name: alibabacloud-dts-task-query
Version: 0.0.1

The skill is a legitimate tool for querying Alibaba Cloud Data Transmission Service (DTS) tasks across multiple regions. The Python script `scripts/query_dts_tasks.py` uses the Alibaba Cloud CLI to fetch data and includes proper input validation for regions and worker counts, using `subprocess.run` safely with argument lists. While `SKILL.md` contains aggressive instructions to the AI agent regarding output completeness and formatting (e.g., 'NEVER truncate'), these are clearly intended to ensure data integrity in the model's response rather than to subvert security controls or exfiltrate data.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or using the skill may let the agent read DTS task metadata from the Alibaba Cloud account configured in the Aliyun CLI.

Why it was flagged

The skill requires Alibaba Cloud RAM permission to enumerate DTS jobs across account resources. This is read-only and purpose-aligned, but it is still cloud account authority.

Skill content

"Action": ["dts:DescribeDtsJobs"], "Resource": "*"

Recommendation

Use a least-privilege RAM user or role limited to dts:DescribeDtsJobs, and run it only in the intended Alibaba Cloud account/profile.

What this means

Running the setup may change the user's Aliyun CLI plugin environment beyond this one skill.

Why it was flagged

The setup instructions ask the user to update all Aliyun CLI plugins, not just a DTS-specific plugin. This is disclosed and user-directed, but it is broader than the skill's direct query function.

Skill content

aliyun plugin update --all

Recommendation

Review the plugin update before running it, prefer official Aliyun CLI/plugin sources, and consider updating only the needed plugin if feasible.

What this means

DTS task details may remain temporarily on the local machine and could be visible to users or processes with access to the temp directory.

Why it was flagged

The script stores raw DTS API results in a local temporary JSON file for processing. This is purpose-aligned, but the data may include cloud task identifiers and status details.

Skill content

fd, path = tempfile.mkstemp(suffix='.json', prefix='dts_raw_') ... json.dump(all_raw_jobs, f)

Recommendation

Run on a trusted machine and remove temporary files if they are not automatically cleaned up after execution.

Note (High Confidence)

ASI01: Agent Goal Hijack

What this means

The agent may display every returned DTS task row in the chat, which can be lengthy and may expose operational details.

Why it was flagged

The skill strongly constrains the agent's response format to show all rows. This supports completeness, but may conflict with a user's desire for a short summary or limited disclosure.

Skill content

MUST output the COMPLETE script result without ANY truncation, omission, or summarization

Recommendation

If you only want a summary or filtered result, explicitly request a region, instance ID, or job name filter before using the skill.