Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alibabacloud Milvus Manage
v0.0.1Manage the full lifecycle of Alibaba Cloud managed Milvus instances—creation, scaling, configuration management, network management, and status queries. Use...
⭐ 0· 46·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md explicitly requires the Alibaba Cloud CLI (aliyun >= 3.0) and a configured AccessKey or STS token to operate, but the registry metadata lists no required binaries and no required environment variables. That mismatch (declaring 'none' while the instructions require a cloud CLI and credentials) is incoherent and should be clarified by the publisher.
Instruction Scope
The runtime instructions are focused on calling the Milvus OpenAPI via the aliyun CLI (create, query, update, delete, modify network/whitelist, etc.). They do not instruct reading unrelated host files or exfiltrating arbitrary data. They do recommend setting ALIBABA_CLOUD_USER_AGENT in the environment and advise reusing the aliyun CLI profile. The need to use --force to bypass local path validation is called out; while unusual, it is explained as necessary for the Milvus commands.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be automatically downloaded or written to disk by an installer. That is the lowest-risk install mechanism.
Credentials
Managing Milvus instances legitimately requires Alibaba Cloud credentials and the RAM permissions enumerated in ram-policies.md. However, the skill metadata does not declare these required credentials/env vars. The included RAM policy example uses Resource: '*' (broad scope); while the doc mentions a narrower ARN-scoped alternative, the provided policy is wide and should be minimized in production.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but is not combined with additional privileged persistence.
What to consider before installing
This SKILL appears to be a coherent Milvus lifecycle helper, but there are important inconsistencies and risk items to consider before installing: 1) The skill requires the Alibaba Cloud CLI and account credentials (AccessKey/STS) to function, yet the registry metadata does not declare these requirements — confirm the publisher and ask them to correct the metadata. 2) The included RAM policy example is broad (Resource: '*'); grant only the minimum permissions needed (prefer instance-scoped ARNs) and create a separate limited AccessKey for the skill rather than using your full account key. 3) The skill instructs using --force to bypass CLI path checks; this is necessary for the described API but be careful to review generated CLI commands before execution. 4) Creating/deleting instances has billing implications and involves plaintext admin passwords in request bodies — avoid storing secrets in shared environments and prefer providing passwords interactively. 5) Because this is instruction-only, the agent will run your local aliyun CLI; if you are unsure of the skill's origin, run the provided example commands manually first to validate behavior. If you need higher assurance, ask the publisher to: (a) update the registry metadata to list the aliyun CLI and the ALIBABA_CLOUD_USER_AGENT env var as required, (b) provide a narrower minimal-permissions RAM policy, and (c) sign the skill or point to a verifiable homepage/source repository.Like a lobster shell, security has layers — review code before you run it.
latestvk978ckt9b9ynrfxmt7cm0q97q584htx4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.