ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Elasticsearch Network Manage

v0.0.1-beta.1

Alibaba Cloud Elasticsearch Instance Network Management Skill. Use for managing ES instance network configurations including triggering network, Kibana PVL n...

0· 13·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires walletRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the operations described in SKILL.md (TriggerNetwork, Kibana PVL, ModifyWhiteIps, Open/Close HTTPS). Requiring Alibaba Cloud credentials is appropriate for this purpose. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while SKILL.md explicitly lists ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET as required — an inconsistency between declared metadata and runtime instructions.
Instruction Scope
SKILL.md confines the agent to using the Aliyun CLI and the Alibaba Cloud APIs and enforces explicit parameter confirmation before any destructive action. It forbids echoing or asking for AK/SK in chat and instructs to check credentials with 'aliyun configure list'. The instructions do not appear to instruct reading unrelated host files, searching user history, or sending data to third-party endpoints.
Install Mechanism
There is no formal install spec in the registry (instruction-only). The doc suggests installing the Aliyun CLI via a curl -fsSL https://aliyuncli.alicdn.com/install.sh | bash command (and provides alternative package manager/binary downloads from aliyuncli.alicdn.com). Using the official Alibaba CDN is expected for this tool, but piping remote install scripts to bash is a higher-risk pattern; users should verify the URL and prefer platform-native packaging or manually inspect the installer.
!
Credentials
The credentials demanded by the SKILL.md (ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET, optionally ALIBABA_CLOUD_REGION_ID) are appropriate for performing the documented ES network operations. The concern is that the registry metadata does not declare these required env vars or a primary credential, which is a disclosure mismatch that could hide the fact the skill needs AK/SK. Additionally, the provided RAM policy examples include broad Resource:"*" permissions; users should scope permissions to specific instance ARNs and grant least privilege (or use STS / role-based access).
Persistence & Privilege
always is false and there is no install script that writes persistent agent-level configuration. The skill is instruction-only and does not request elevated platform privileges or attempt to modify other skills' configuration. Autonomous model invocation is enabled by default but is not combined with other red flags here.
What to consider before installing
This skill appears to do what it says (manage Alibaba Cloud ES network settings), but before installing or using it: 1) Note the mismatch: the SKILL.md requires ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET, yet the registry metadata lists no required env vars — treat that as a red flag and confirm with the skill author or provenance. 2) Do not paste AK/SK into chat; configure credentials locally (aliyun configure or environment variables) and verify with 'aliyun configure list'. 3) Create a RAM user with the minimal per-operation permissions (scope to specific instance ARNs) or use STS tokens/ECS roles instead of long-lived root-like keys. 4) Inspect or avoid running the suggested 'curl | bash' installer; prefer your OS package manager or download-only flows you can inspect. 5) Test actions in a non-production account or sandbox first and verify all commands include the required --user-agent flag and that the CLI outputs are what you expect. 6) If you are concerned about autonomous agents executing operations, disable autonomous invocation or require explicit confirmation before running any CLI commands. If the registry metadata is authoritative, ask the publisher to correct the declared required env vars before trusting the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dxyngcgk1e5zahmm3d9y3ds84gvb6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments