Alibabacloud Liverecord Diagnosis
PassAudited by ClawScan on May 8, 2026.
Overview
This is a coherent read-only Alibaba Cloud live-recording diagnostic skill, but it requires an existing Alibaba Cloud CLI credential profile and changes CLI/plugin settings during setup.
Install only if you need Alibaba Cloud Live recording diagnostics. Use a dedicated least-privilege RAM user or role, configure credentials outside the chat, review the Aliyun CLI plugin and AI-mode setup steps, and avoid running this against production accounts unless the read-only access is approved.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can retrieve live-stream and recording metadata from the Alibaba Cloud account configured in the CLI.
The skill uses the user's Alibaba Cloud identity to query Live recording, stream, configuration, and callback data. This is purpose-aligned and read-only, but it is still account-level cloud access.
Pre-check: Alibaba Cloud Credentials Required ... ONLY use `aliyun configure list` to check credential status ... Required Actions: `live:DescribeLiveDomainMapping` ... `live:DescribeLiveRecordNotifyRecords`
Use a least-privilege RAM user or role with only the listed read-only Live permissions, and do not paste access keys or secrets into the chat.
Setup may change the local Aliyun CLI plugin state and install or update plugins on the user's machine.
The skill depends on installing/updating Alibaba Cloud CLI plugins rather than bundled code. This is expected for the diagnostic purpose, but it pulls executable plugin functionality from the CLI ecosystem.
[MUST] run `aliyun configure set --auto-plugin-install true` ... [MUST] run `aliyun plugin update` ... `aliyun plugin install --names live`
Install the CLI and plugins from trusted Alibaba Cloud sources, review plugin update behavior, and run setup in an environment where CLI changes are acceptable.
Aliyun CLI AI mode and the configured user-agent may remain enabled for future CLI use.
These commands appear to persistently alter Aliyun CLI configuration before diagnostic commands run. No autonomous background behavior is shown, but users should know the setting may remain after the session.
[MUST] Enable AI-Mode ... `aliyun configure ai-mode enable` ... `aliyun configure ai-mode set-user-agent --user-agent "AlibabaCloud-Agent-Skills/alibabacloud-liverecord-diagnosis"`
If you do not want these settings to persist, review the Aliyun CLI configuration after use and disable or reset AI-mode settings as needed.
A user could accidentally expose long-lived access keys if they copy credential setup commands into a shared terminal transcript or chat.
The reference guide includes direct credential-configuration examples. The main SKILL.md forbids handling AK/SK values in-session, so this appears to be setup documentation rather than intended agent behavior, but it is sensitive.
`aliyun configure set --mode AK --access-key-id <your-access-key-id> --access-key-secret <your-access-key-secret> --region cn-hangzhou`
Follow the stricter main authentication rules: configure credentials outside the agent session, prefer RAM roles or short-lived STS credentials, and never reveal AK/SK values.