Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Pai Workspace Manage

v0.0.1

Alibaba Cloud PAI Workspace Management Skill. Create, query, and list workspaces on the Platform for AI (PAI). Triggers: "create PAI workspace", "query PAI w...

by alibabacloud-skills-team@sdk-team
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The manifest lists no required binaries, env vars, or primary credential, but SKILL.md and reference docs clearly require the Aliyun CLI (aliyun) and jq and expect valid Alibaba Cloud credentials to be configured. That is inconsistent: a PAI workspace management skill legitimately requires the Aliyun CLI and cloud credentials, so those should be declared. The omission suggests sloppy metadata or under-declaration of capabilities.
[!] Instruction Scope
The runtime instructions strictly forbid any execution that would expose raw API JSON (no intermediate variable captures, no two-step processing, always pipe to jq in a single command) — but other included reference files contain examples that violate those rules (e.g., capturing WorkspaceId with command substitution, quick verification script running get-workspace without the mandated single-pipeline jq masking). These internal contradictions mean an agent following one part of the docs could accidentally do what another part forbids, increasing risk of credential/PII leakage.
Install Mechanism
There is no formal install spec (instruction-only), which is lower surface risk, but the docs tell users to install aliyun CLI via Homebrew or direct download from aliyuncdn (alicdn) URLs — an expected and reasonable source. However, jq is required by the runtime examples but is not documented in required binaries or install guidance. The lack of a single authoritative install spec and missing jq mention is a mismatch worth fixing.
[!] Credentials
The manifest declares no required environment variables or primary credential, yet the skill requires Alibaba Cloud credentials (AK/SK, STS tokens, or an ECS RAM role) to operate and the install guide even shows examples that set AK/SK via aliyun configure. The SKILL.md forbids printing/asking for AK/SK, but reference docs include examples that set them non-interactively. This inconsistent handling of credentials and absence from metadata is disproportionate and confusing.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. However, instructions require running `aliyun configure set --auto-plugin-install true` (which modifies CLI configuration) and the installation guide modifies PATH and config files. Those are normal for a CLI-based skill, but the combination of config changes plus the credential handling inconsistencies increases the chance of accidental leakage if the guidance is followed incorrectly.
What to consider before installing
This skill appears to be trying to do what it says (manage PAI workspaces) but the package metadata, SKILL.md, and reference files disagree in important ways. Before installing or letting an agent run it autonomously:

1) require the author/maintainer to correct the metadata to declare required binaries (aliyun and jq) and that Alibaba Cloud credentials are required;
2) fix contradictory examples — specifically remove or change command-substitution examples that capture raw CLI JSON and ensure every example uses a single-pipeline jq filter when sensitive fields are returned;
3) prefer using a dedicated RAM user with the least-privilege policy shown (do not use primary/root credentials);
4) run initial commands yourself (not via an autonomous agent) to verify outputs and masking behavior; and
5) avoid giving the agent permission to configure credentials or auto-install plugins until the docs are cleaned up.

If the maintainer cannot reconcile these contradictions, treat the skill as untrusted for automated invocation.

Like a lobster shell, security has layers — review code before you run it.

latest vk97fngamay3a7pwvyj013fhvq983zd3k
