Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Ram Permission Diagnose

v0.0.1

Alibaba Cloud RAM permission diagnosis and repair assistant. When an agent encounters any permission-related error while operating Alibaba Cloud resources (4...

by alibabacloud-skills-team@sdk-team
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's declared purpose (RAM permission diagnosis and repair) aligns with the CLI calls and repair commands in the docs (DecodeDiagnosticMessage, ListPoliciesForUser, CreatePolicy, AttachPolicyToUser, UpdateRole, etc.). Requiring the aliyun CLI and RAM API calls is expected. Minor mismatch: the skill is instruction-only and declares no credentials/env vars even though it assumes an already-configured aliyun CLI (credentials held by the environment), which should be made explicit in metadata but is not.
! Instruction Scope
The SKILL.md instructs the agent to execute many CLI queries and also write repair changes (CreatePolicy, UpdateRole). It also instructs the agent to scan conversation context for a 'Base directory' injected by other skills and, if found, read '<path>/references/ram-policies.md' from that directory (Coverage Check). That behavior allows the skill to read arbitrary files if another skill provides a manipulated base path and could lead to unintended exposure of local data. The skill also writes temporary files to /tmp when decoding is retried — normal for diagnostics but should be handled carefully. The directive to always append '--user-agent AlibabaCloud-Agent-Skills' to directly executed CLI calls is unusual (affects telemetry/logging) but not by itself malicious. The doc correctly requires user confirmation before executing repairs, which mitigates some risk.
Install Mechanism
Instruction-only skill with no install spec or code — lowest install risk. There are no downloads or packages to write to disk beyond the agent creating temp files at runtime as per the instructions.
! Credentials
The skill declares no required env vars or primary credential, but runtime operation depends on existing aliyun CLI credentials/configuration (AK/SK/STS). The instructions also reference optional RAM permissions (ram:DecodeDiagnosticMessage, AliyunRAMReadOnlyAccess) and require potentially high privileges for repair operations (AliyunRAMFullAccess). The Coverage Check behavior (reading other skills' base dir) is an environment/config access that goes beyond diagnosing RAM and could expose unrelated sensitive files. Overall the credentials/actions the skill uses are proportionate to diagnosis/repair but the lack of explicit declared creds and the file-read behavior are concerning.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; autonomous invocation is allowed (platform default). The skill includes write actions (policy creation/attachment and role updates) but instructs the agent to present repair options and wait for user confirmation before executing them. That is acceptable but requires strict UI/consent controls — if the agent is allowed to invoke skills autonomously, there is a risk of mistaken or coerced repairs if prompts are ambiguous. No instruction modifies other skills' configuration.
What to consider before installing
This skill largely does what it claims (diagnose and repair RAM permissions), but it has a few behaviors you should be aware of before installing or enabling it:

- Local-file access: it will look for a 'Base directory' value injected by other skills and may read <that-path>/references/ram-policies.md. If another skill or an attacker can set that Base directory to an arbitrary path, this skill could read local files and include their contents in diagnostic output. Only allow this skill when you trust the other installed skills and the agent environment.
- Write actions: the skill contains documented commands that create and attach policies and update role trust policies. It says it will wait for user consent before performing repairs, but confirm that your agent UI will always show the exact CLI commands and require an explicit, unambiguous approval before any write is executed. Treat any automated repair action as high-privilege — review the proposed changes carefully.
- Credentials scope: the skill assumes the aliyun CLI is configured. Prefer running diagnostics with least-privilege credentials (AliyunRAMReadOnlyAccess) and only grant broader rights (AliyunRAMFullAccess) when you explicitly decide to allow repairs and trust the agent session.
- Telemetry flag: the skill instructs appending '--user-agent AlibabaCloud-Agent-Skills' to CLI calls when executed directly. Be aware this adds an identifying header to requests (useful for logging/telemetry) — review whether you’re comfortable with that.

Recommendations before enabling:

1) Test in a non-production account or sandbox first.
2) Restrict agent autonomy (require explicit human approval for any write operations).
3) Inspect any 'references/ram-policies.md' file that the skill may read, and ensure no untrusted skill can inject a Base directory pointing at sensitive locations.
4) When allowing repairs, review the exact CLI commands the agent proposes and cross-check the policy JSON before applying.

Like a lobster shell, security has layers — review code before you run it.
