Alibabacloud Flink Instance Manage

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears purpose-aligned for Alibaba Cloud Flink create/query tasks, but it needs cloud credentials and can create billable cloud resources.

Install and use this only if you intend to manage Alibaba Cloud Flink resources. Before running create commands, verify the region, VPC/VSwitch, CPU/memory, and billing model, and use a least-privilege RAM identity rather than broad or root credentials. The provided static scan is clean, but because some source content in the prompt was truncated, inspect the actual scripts in your local copy before production use.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with real credentials, the agent can create Alibaba Cloud Flink resources that may cost money or affect cloud operations.

Why it was flagged

The skill can perform cloud resource creation, which is high-impact, but the artifacts disclose this scope and include confirmation, validation, retry, and read-back rules.

Skill content

Allowed commands: `create`, `create_namespace`, `describe` ...; `create` and `create_namespace` must include `--confirm`.

Recommendation

Only use this skill when you explicitly intend to create or inspect Flink resources, review the exact command and parameters, and confirm billing/resource implications.

What this means

Overly broad credentials could let the operation affect more cloud resources than intended if the user or agent supplies incorrect parameters.

Why it was flagged

The skill relies on Alibaba Cloud credentials to call the Flink OpenAPI. This is expected for the stated integration, but the permissions granted to those credentials determine the account impact.

Skill content

Requires Python dependencies from assets/requirements.txt, valid Alibaba Cloud credentials, and network access to Flink OpenAPI

Recommendation

Use a dedicated RAM user or role with only the Flink permissions needed, avoid root account keys, and prefer temporary credentials or RAM roles where possible.

What this means

Following optional setup steps without verification could install a changed or unexpected binary on the local machine.

Why it was flagged

The optional CLI setup guide includes user-directed download and privileged installation of the latest Aliyun CLI binary. This is normal setup documentation, but users should verify the source before installing.

Skill content

wget https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz ... sudo mv aliyun /usr/local/bin/

Recommendation

Prefer official package-manager installation when available, verify download sources/checksums, and avoid using sudo unless necessary.