Alibabacloud Ram Permission Diagnose
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Alibaba Cloud RAM troubleshooting skill, but it can install/update the Aliyun CLI and, with your approval, change cloud permissions.
This skill appears purpose-aligned for diagnosing and repairing Alibaba Cloud RAM permission errors. Before installing or using it, confirm you are comfortable with Aliyun CLI setup changes, use a scoped Alibaba Cloud profile, review every proposed RAM policy or role-trust change, and verify AI-mode or automatic plugin settings afterward if you do not want them to persist.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved and run, the skill can change which users or roles have access to Alibaba Cloud resources.
The skill documents CLI commands that can attach policies, change default policy versions, and update role trust policies. These are high-impact but directly aligned with RAM permission repair.
aliyun ram attach-policy-to-user ...; aliyun ram create-policy-version ... --set-as-default true; aliyun ram update-role ...
Review each proposed RAM change, prefer least-privilege custom policies, and keep the undo command or original policy document before applying repairs.
A credential or profile with RAMFullAccess can modify major account authorization settings.
Full repair functionality may require broad RAM administrative authority. That authority is expected for a RAM repair assistant, but it is sensitive.
Full functionality (L1+L2+L3): `AliyunRAMFullAccess`
Use the narrowest Alibaba Cloud profile that can perform the intended repair, and avoid running this skill with broader account privileges than necessary.
Your local Aliyun CLI installation or plugins may be installed or updated before diagnosis.
The setup path can execute a downloaded installer and enable automatic plugin installation/update for the Aliyun CLI. This is relevant to the skill purpose but changes local tooling from a remote source.
run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` ... [MUST] run `aliyun configure set --auto-plugin-install true` ... [MUST] run `aliyun plugin update`
Use official Aliyun CLI installation guidance where possible, verify the download source, and consider whether automatic plugin installation should remain enabled afterward.
A local Aliyun CLI mode intended for agent execution could remain enabled if the workflow stops unexpectedly.
The skill explicitly toggles a persistent CLI configuration mode and instructs cleanup at every exit. The cleanup requirement reduces risk, but interrupted runs could leave the setting enabled.
`aliyun configure ai-mode enable` ... `[MUST] Disable AI-Mode at EVERY exit point` ... `aliyun configure ai-mode disable`
After using the skill, verify AI-mode is disabled and review any persistent Aliyun CLI configuration changes.
If context is misleading, the agent could read the wrong permission-hints file and make less accurate recommendations.
The skill may trust a path found in conversation context to read another skill’s permission hints file. The read is narrow and purpose-aligned, but the path source should be trusted.
Scan conversation context for the most recent `Base directory: <path>` injected by a skill invocation ... try reading `<path>/references/ram-policies.md`
Only rely on platform-injected skill base directories, and do not let arbitrary prompt text supply file paths for the coverage check.