Skill v0.0.1
ClawScan security
Alibabacloud Icpba Sucessdata Query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 2:09 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the claimed Alibaba Cloud ICP filing query logic, but there are metadata/instruction inconsistencies and a few installation/configuration steps that warrant caution before installing.
- Guidance: This skill appears to be a legitimate Alibaba Cloud ICP filing query helper, but before installing or running it:
  1. Recognize that it requires valid Alibaba Cloud credentials (AK/SK, STS token, profile, or ECS RAM role) even though the metadata doesn't declare them — configure credentials via the CLI or environment outside the chat as instructed.
  2. Review the scripts (scripts/query_icp_filing.py and requirements.txt) yourself to confirm there are no unexpected network endpoints; the code and docs shown call companyreg.aliyuncs.com (Alibaba), which is expected.
  3. Be cautious about running the suggested curl | bash installer and enabling auto-plugin-install: prefer downloading/installing the CLI from a verified package, or run the install script manually after inspection.
  4. Grant only the minimum RAM permissions (beian:QuerySuccessIcpData) to the identity used, follow least privilege, and rotate keys.
  5. If you run this on a shared or production machine, consider using a dedicated low-privilege account or temporary STS credentials, and test in a sandbox first.
  If you want, I can summarize the exact lines in the included scripts that access credentials or endpoints to help you review them.
Review Dimensions
- Purpose & Capability
  - note: The skill's code and SKILL.md consistently implement querying Alibaba Cloud's companyreg (Beian) QuerySuccessIcpData API and request the beian:QuerySuccessIcpData RAM permission — this matches the stated purpose. However, the skill registry metadata declares no required credentials or primary credential even though the SKILL.md and Python code rely on Alibaba Cloud credentials (AK/SK, STS, profile or ECS RAM role) discovered by CredentialClient. The omission in metadata is an inconsistency the user should be aware of.
- Instruction Scope
  - note: Runtime instructions stay within the stated scope: they direct the agent to use the Aliyun CLI for environment checks and the Alibaba Python Common SDK to call the QuerySuccessIcpData API, require explicit user confirmation of parameters, and explicitly forbid printing or asking for AK/SK in-chat. A potentially unexpected action is enabling CLI 'ai-mode', setting auto-plugin-install, and updating plugins — these change local CLI behavior and can trigger additional plugin downloads; this is worth noting, though it relates to the stated need to ensure required plugins exist.
- Install Mechanism
  - note: No formal install spec is provided (instruction-only), which is low-risk in principle. The SKILL.md instructs installing the Aliyun CLI via a curl | bash installer hosted on alicdn.com (Alibaba's CDN) and pip-installing requirements.txt. The download host is the vendor's CDN (reasonable), but piping a remote install script to bash and enabling automatic plugin installs are higher-risk operations compared with a reviewed package install. Review the install script and run it manually in a controlled environment if concerned.
- Credentials
  - concern: The skill requires Alibaba Cloud credentials at runtime (CredentialClient uses environment variables, a credentials file, or ECS metadata), but the registry entry lists no required env vars or primary credential. That mismatch reduces transparency: the skill will need access to ALIBABA_CLOUD_* credentials or a configured aliyun profile even though those weren't declared in metadata. The requested RAM permission (beian:QuerySuccessIcpData) is appropriately scoped to read-only ICP filing data.
- Persistence & Privilege
  - ok: The skill does not request always:true and does not declare system-wide persistence. It does instruct changing the Aliyun CLI configuration (ai-mode, user-agent, auto-plugin-install, plugin update), which modifies the user's CLI config but is limited to the CLI tool and does not affect other skills. No skill-level self-enablement or cross-skill config writes were observed.
