Skillv0.0.1

ClawScan security

Alibabacloud Ecs Reboot Or Crash Diagnosis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 27, 2026, 6:35 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior mostly matches an ECS reboot/crash diagnostic tool, but the manifest omits declaring required CLI/tools and implicit credential needs and it instructs the agent to execute powerful remote commands (ecs:RunCommand) — these mismatches merit caution.
Guidance: This skill appears to do what it says (ECS reboot/crash diagnosis) but has some mismatches you should address before installing: 1) Expect to provide Alibaba Cloud credentials (with ecs:RunCommand and related permissions); do not use highly privileged/global credentials — create a least-privilege RAM user scoped to the specific resources and actions. 2) Confirm the policy Resource is restricted to the instances/regions you intend to diagnose (avoid Resource="*"). 3) Understand that the agent will run remote scripts on your instances via Cloud Assistant (ecs:RunCommand) — test on non-production first. 4) Verify aliyun-cli is installed locally and review the AI-Mode user-agent step (it will identify the agent). 5) Review the exact diagnostic commands the agent will run (they are in references/diagnostic-commands.md) to ensure no sensitive data is printed/collected unintentionally. If the manifest provided explicit required env vars and a scoped example policy (no wildcard resources), my confidence would be higher.

Review Dimensions

Purpose & Capability: concernThe skill's stated purpose (ECS reboot/crash diagnosis) legitimately requires calling Alibaba Cloud ECS APIs and using Cloud Assistant to run remote diagnostics. However, the skill manifest declares no required binaries or credentials, while SKILL.md explicitly requires aliyun-cli, AI-Mode configuration, and pre-configured Alibaba Cloud credentials. That omission is an incoherence: the declared requirements do not list the real capabilities the skill needs.
Instruction Scope: noteThe runtime instructions stay within the diagnostic domain: they call DescribeInstances, DescribeInstanceHistoryEvents, DescribeCloudAssistantStatus, RunCommand and DescribeInvocations and run diagnostic scripts on the instance. This is appropriate for the stated purpose, but it grants the agent a workflow that will execute arbitrary shell/PowerShell content on user instances via ecs:RunCommand — a powerful capability that must be limited and audited. The instructions also demand a strict output template and require enabling aliyun CLI AI-Mode and setting a custom user-agent.
Install Mechanism: okNo install spec is present (instruction-only). That reduces installation risk because nothing is downloaded or written by the skill itself. The SKILL.md expects the operator to have aliyun-cli installed, rather than installing it automatically.
Credentials: concernThe skill implicitly requires Alibaba Cloud credentials (to run aliyun CLI and ecs:RunCommand), but the manifest lists no required environment variables or primary credential. references/ram-policies.md suggests the skill needs ecs:RunCommand and other ECS permissions; the example policy uses Resource="*", which is broader than ideal. The lack of explicit credential declaration in the manifest is an inconsistency and increases the chance a user will accidentally grant overly broad credentials.
Persistence & Privilege: okThe skill is not always-enabled and does not request persistent presence. Autonomous invocation is allowed (platform default) but there is no evidence the skill modifies other skills or system-wide settings. The AI-Mode enable/disable steps affect CLI configuration during runtime; the skill asks the user to enable AI-Mode and then disable it afterwards.