Alibabacloud Kms Secret Manage
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent Alibaba Cloud KMS helper, but it can read, change, rotate, and delete secrets, so it should only be used with carefully scoped cloud permissions.
Use this skill only with a dedicated, least-privilege Alibaba Cloud RAM role or profile. Confirm the active Aliyun CLI account, region, and secret name before any write, rotation, or delete operation, and avoid asking the agent to display plaintext secrets unless absolutely necessary.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with an over-privileged RAM user or the wrong Aliyun CLI profile, the agent could expose, change, or delete important cloud secrets.
The skill documents broad Alibaba Cloud KMS permissions that can read secret values and mutate or delete secrets and related keys. This is aligned with the skill purpose, but it is high-impact account authority.
Full Permissions (Read-Write): kms:CreateSecret, kms:DeleteSecret, kms:UpdateSecret, ... kms:GetSecretValue, ... kms:SetSecretPolicy, ... kms:CreateKey
Use a dedicated RAM user or role with least-privilege access to only the needed secrets, confirm the active profile/account/region, and avoid root or full-account credentials.
Plaintext secrets shown in chat, terminal logs, screen sharing, or session history could be exposed.
The skill is designed to retrieve secret values, which may enter the agent conversation or logs if plaintext output is requested. The artifact includes masking and confirmation guidance, which reduces but does not eliminate the handling risk.
Secret values returned by GetSecretValue are masked by default (e.g., `***`), only output in plaintext when user explicitly requests
Request masked output unless plaintext is truly needed, retrieve secrets only in a private environment, and rotate any secret that may have been exposed.
A mistaken secret name, region, or profile could permanently delete a production secret.
The reference verification script includes a force-delete command. In context it uses a generated test secret and is user-run documentation, but the same pattern would be destructive if adapted to real secrets.
aliyun kms DeleteSecret \ --SecretName "$SECRET_NAME" \ --ForceDeleteWithoutRecovery true
Prefer soft deletion with a recovery window, double-check secret name/account/region, and require explicit confirmation before force deletion.
Installing an unverified or compromised CLI binary could put cloud credentials and KMS operations at risk.
The setup guide installs the latest external Aliyun CLI binary and moves it into a privileged PATH location. This is normal integration setup, but it depends on external supply-chain trust.
wget https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz ... sudo mv aliyun /usr/local/bin/
Install from official sources, prefer a trusted package manager, verify checksums/signatures when available, and pin versions for production environments.
A rotation policy or managed credential change could break applications, lock out users, or disrupt database and instance access.
Managed credential rotation can change passwords or access keys used by dependent applications. This is a documented feature, but it can affect live services if misconfigured.
SingleUser: Single account mode, directly modifies account password during rotation
Test rotation in non-production first, use dual-user rotation where possible, monitor rotation events, and maintain rollback or restore procedures.