Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alibabacloud Openclaw Ecs Dingtalk
v0.0.1Deploy OpenClaw AI agent platform on Alibaba Cloud ECS and integrate with DingTalk bot. OpenClaw (formerly Clawdbot/Moltbot, 中文名"龙虾") is an open-source AI as...
⭐ 0· 17·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (deploy OpenClaw on Alibaba Cloud ECS and integrate with DingTalk) matches the SKILL.md content: it uses Alibaba Cloud CLI (aliyun), MaaS (Bailian) API key creation, ECS/VPC/EIP operations, and DingTalk app credentials. However, the skill metadata declares no required binaries or credentials, while the instructions plainly require the 'aliyun' CLI (and appropriate Alibaba Cloud credentials/RAM permissions). That metadata omission is an incoherence.
Instruction Scope
SKILL.md stays within deployment/integration scope: it instructs creating VPC/VSwitch/security groups, ECS instance, allocating EIP, installing the MaaS CLI plugin, creating Bailian API keys, and configuring the DingTalk connector. The instructions emphasize input validation, masking, and encoding sensitive values for remote RunCommand usage. I found no instructions to read unrelated user files or exfiltrate data to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by the skill package itself. That lowers supply-chain risk. However, the runtime steps do call out installing the 'aliyun' MaaS plugin and running remote commands on an ECS instance (via RunCommand), which are expected for this purpose.
Credentials
The instructions require broad Alibaba Cloud permissions (ECS, VPC, EIP, STS, MaaS create/list API keys and RunCommand). The provided references explicitly show two options: a broad FullAccess approach (flagged as unsafe) and a recommended custom policy. The package metadata, however, lists no required credentials or binaries (no mention of needing configured Alibaba Cloud access keys, a RAM user, or the 'aliyun' CLI). That mismatch (metadata claiming no env/creds while the workflow absolutely requires cloud credentials and CLI access) is a notable inconsistency. Also consider the risk of granting high privileges (AliyunECSFullAccess etc.) to the actor performing automated steps — follow least privilege.
Persistence & Privilege
The skill does not request always:true and is instruction-only; it does not persistently modify other skills or agent-wide configuration in the package. Runtime actions (creating cloud resources, running remote commands) are inherently privileged but expected for a deployment skill; the skill itself does not request elevated platform privileges beyond normal agent invocation.
What to consider before installing
This skill appears to do what it claims (create ECS resources, get a Bailian API key via aliyun maas, and configure the DingTalk connector), but the registry metadata omits important runtime requirements. Before installing or running:
- Confirm the 'aliyun' CLI is installed and that you are comfortable providing/using Alibaba Cloud credentials (RAM user or AccessKey). The skill expects the CLI and cloud credentials even though metadata lists none.
- Do NOT attach broad FullAccess policies in production. Prefer the provided least-privilege custom RAM policy and scope resources where possible.
- Understand that the skill will create and delete cloud resources and will run remote commands on created instances (ecs:RunCommand). Run it first in a throwaway/test account or sandbox to validate behavior.
- Verify how the Bailian API key and DingTalk secrets will be stored and rotated after creation. The skill will create API keys via the CLI; ensure you collect/store them securely and rotate them if exposed.
- Because the package origin is unknown and there are no code files, prefer to obtain an official source (repository, documentation, or publisher identity) before trusting automated actions. If you need higher confidence, ask the publisher for: the source repo link, signed release, or an explanation why required binaries/credentials are not declared in metadata.
Confidence in this assessment is medium because the instructions themselves are coherent with the declared purpose, but metadata omissions and the potential for overly-broad IAM choices are red flags that should be resolved before trusting the Skill in a production environment.Like a lobster shell, security has layers — review code before you run it.
latestvk978wfrn1kw591r7t61eq4jeqx84g9f5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.