Alibabacloud Oss Manage Metaquery
Security checks across malware telemetry and agentic risk
Overview
This looks like a purpose-aligned Alibaba Cloud OSS semantic-search skill, but it needs scoped Aliyun credentials and can index or modify selected OSS buckets.
Install only if you intend to use Alibaba Cloud OSS MetaQuery. Use least-privilege RAM or temporary STS credentials scoped to the target bucket, avoid sharing AK/SK in chat or shell history, verify CLI installer sources, confirm possible costs before indexing large buckets, and review every upload/delete/index-enable action before approving it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or updating CLI tools/plugins can change the local environment and introduce supply-chain risk if the source is not trusted.
The skill directs users/agents to run a remote installer and enable/update Aliyun CLI plugins. This is expected for an Alibaba Cloud CLI-based skill, but it modifies the local toolchain and depends on trusting the remote source.
run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` ... [MUST] run `aliyun configure set --auto-plugin-install true` ... [MUST] run `aliyun plugin update`
Use official Alibaba Cloud installation documentation, verify download sources where possible, and run setup commands only in an environment where you are comfortable modifying the CLI toolchain.
With these credentials, the agent can act on the selected OSS bucket, potentially reading content, writing files, enabling indexes, and incurring cloud costs.
The documented permissions allow reading objects, uploading objects, enabling/querying MetaQuery, and closing the data index for OSS buckets. These privileges are expected for the stated function but are high-impact cloud permissions.
`oss:GetObject`, `oss:PutObject`, `oss:OpenMetaQuery`, `oss:DoMetaQuery`, `oss:GetMetaQueryStatus`, `oss:CloseMetaQuery`
Use a dedicated RAM user or STS token scoped to the exact bucket and region needed; avoid root credentials or broad account-wide permissions.
Private images, videos, audio, or documents in the bucket may be analyzed and represented in a persistent search index.
The skill's core feature causes OSS to analyze bucket contents and build persistent AI/vector metadata that can be reused for semantic search.
Service Role Permission Scope:
- Read file content in the Bucket for AI analysis
- Build and manage vector indexes
- Process incremental file updates
Enable MetaQuery only on intended buckets, use filters or separate buckets for sensitive data, review retention/cleanup needs, and close the index when it is no longer needed.
If the user approves the wrong bucket or object deletion, OSS data could be permanently removed.
The skill documents irreversible OSS deletion commands. It also requires explicit confirmation, so this is disclosed and controlled, but it remains a high-impact tool capability.
Before executing any of the following dangerous operations, **you MUST confirm with the user first** ... **Delete Bucket** ... Deletes the entire Bucket, irreversible ... **Delete Object**
Carefully verify bucket names, object keys, and backups before approving any delete or cleanup command.
