Alibabacloud Elasticsearch Instance Manage

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud Elasticsearch management skill, but it uses cloud credentials and can create or change paid instances, so users should review commands carefully.

Install only if you intend to let the agent manage Alibaba Cloud Elasticsearch. Configure credentials outside the chat, use least-privilege RAM permissions, verify every billable or disruptive command before approval, and install/update Aliyun CLI only from sources you trust.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Approving the wrong command could create billable resources, restart a cluster, or change instance sizing.

Why it was flagged

The documented operations include paid or disruptive cloud mutations, but the skill discloses them and requires explicit user-supplied parameters.

Skill content

Manage Alibaba Cloud Elasticsearch instances: create, describe, list, restart, upgrade/downgrade configuration... parameters such as `--region`, `esAdminPassword`, `vpcId`, `vswitchId`, `vsArea`, `paymentType` MUST be explicitly provided by the user.

Recommendation

Review the region, instance ID, payment type, node size/count, and operation type before approving any create, restart, or update command.

ASI03: Identity and Privilege Abuse
Medium
What this means

The agent will act with the privileges of the configured Alibaba Cloud profile or environment credentials.

Why it was flagged

The skill needs Alibaba Cloud account authority capable of creating and modifying Elasticsearch instances; this is expected for the purpose and includes credential-handling safeguards.

Skill content

Pre-check: Alibaba Cloud Credentials Required... ONLY read credentials from environment variables or pre-configured CLI profiles... Minimum Required Permissions: `elasticsearch:CreateInstance` ... `elasticsearch:RestartInstance` ... `elasticsearch:UpdateInstance`

Recommendation

Use a dedicated RAM user or role scoped to the needed Elasticsearch actions and region, prefer temporary credentials where possible, and never paste AccessKey secrets into chat.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

CLI or plugin updates can change local executable behavior before cloud commands are run.

Why it was flagged

The setup path relies on remote CLI installation and automatic plugin updates; this is disclosed and central to using Aliyun CLI, but it means remote code/plugins may run locally.

Skill content

run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to update... run `aliyun configure set --auto-plugin-install true`... run `aliyun plugin update`

Recommendation

Install Aliyun CLI from trusted official sources, verify versions where practical, and avoid running remote setup scripts in environments where that source is not trusted.