Alibabacloud Sas Alert Handler
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is purpose-aligned for Alibaba Cloud security alert handling, but it can use your Alibaba Cloud CLI profile to make real security-response changes, so review actions before approving them.
Install only if you intend to let the agent inspect and handle Alibaba Cloud Security Center alerts. Use least-privilege RAM permissions, confirm the active Aliyun CLI profile, review every proposed alert action before approval, and check that Aliyun CLI AI-mode is disabled afterward.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved incorrectly, the agent could ignore real alerts, whitelist future alerts, block IPs, or quarantine/terminate files or processes.
The skill is designed to run Alibaba Cloud SAS operations that can change alert state or trigger response actions. This matches the purpose, but the actions can affect security posture and hosts.
Execute alert handling operations (ignore, whitelist, block, quarantine, etc.)
Use the query/recommendation steps first, then approve only specific alert IDs and operations you understand. Avoid bulk handling unless you have reviewed the proposed actions.
The agent can act with whatever Alibaba Cloud permissions are available in the current CLI profile.
The skill uses the user's existing Aliyun CLI credential profile. This is expected for Alibaba Cloud operations and the artifact tells the agent not to print AK/SK values, but the credential can authorize real account changes.
**Pre-check: Alibaba Cloud Credentials Required** ... **ONLY** use `aliyun configure list` to check credential status ... If no valid profile exists, STOP here.
Use a dedicated RAM user or role with the minimum SAS permissions needed, confirm the active profile/account before running, and avoid root or broad administrative credentials.
Your local Aliyun CLI installation or plugins may be changed before the skill runs cloud operations.
The skill instructs installation or update of Aliyun CLI and plugins from Alibaba Cloud sources. This is central to the skill, but it involves remote installation/update behavior and persistent CLI configuration.
run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` ... [MUST] run `aliyun configure set --auto-plugin-install true` ... [MUST] run `aliyun plugin update`
Prefer a vetted package-manager install where possible, verify the CLI source, and understand that automatic plugin installation is a global CLI setting.
If the workflow is interrupted before cleanup, Aliyun CLI AI-mode could remain enabled until manually disabled.
The skill changes a local Aliyun CLI mode for agent execution and includes explicit cleanup instructions. The cleanup requirement reduces risk, but users should notice the temporary CLI state change.
**[MUST] Enable AI-Mode** ... `aliyun configure ai-mode enable` ... **[MUST] Disable AI-Mode at EVERY exit point** ... `aliyun configure ai-mode disable`
After use, verify AI-mode is disabled, especially if the agent session crashes or is cancelled.
