Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alibabacloud Sas Openclaw Security
v0.0.1
Perform security operations on OpenClaw environments by calling Alibaba Cloud Security Center (SAS) and ECS APIs via the aliyun CLI. Supports asset queries,...
by alibabacloud-skills-team@sdk-team
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · medium confidence
Purpose & Capability
The skill claims to operate via the aliyun CLI and to run Cloud Assistant (ECS) commands. However, the registry metadata lists no required binaries, env vars, or config paths. In practice this skill requires the aliyun CLI and an already-configured CLI credential file (~/.aliyun/config.json). The missing declaration of the required CLI and of the credential/config path is an incoherence.
Instruction Scope
SKILL.md and the scripts consistently describe querying SAS/ECS/AISC and generating reports. The code explicitly supports running arbitrary shell commands on ECS instances via Cloud Assistant (ecs:RunCommand) and installing a guardrail using an install command retrieved from AISC. These behaviors are coherent with the stated functionality, but they are high-privilege actions (remote execution, installing software) and the docs rely on obtaining user confirmation before execution — verify the agent enforces explicit confirmation and does not auto-run fetched install commands.
Install Mechanism
No external install spec is provided (instruction-only install). The repository includes Python scripts that call the aliyun CLI; nothing in the manifest downloads arbitrary third-party code from unknown URLs. This is low install-surface risk, but runtime actions may cause remote instances to download/execute installers (see AISC InstallKey behavior).
Credentials
The skill requests no declared environment variables or primary credential, yet it requires access to Alibaba Cloud credentials via the aliyun CLI config (stored under ~/.aliyun/config.json) and may honor ALICLOUD_REGION_ID. The scripts require RAM permissions including ecs:RunCommand and other write actions; these are appropriate for remote command execution but are powerful and should be scoped narrowly. The absence of declared config/credential requirements in metadata is a mismatch.
Persistence & Privilege
The skill is not marked 'always:true' and does not appear to modify other skills or global agent configurations. Autonomous invocation is allowed (the default), which increases blast radius if privileges are granted, but this is the platform default and not itself a disqualifier. No requests to persist credentials or alter other skills were observed.
What to consider before installing
This skill does what it says (SAS/ECS/AISC operations) but acts with high privilege: it expects a configured aliyun CLI and will use Cloud Assistant to run arbitrary shell commands on ECS instances and can fetch an installer command from AISC. Before installing:
(1) ensure the aliyun CLI requirement and the CLI credential path (~/.aliyun/config.json) are acceptable to you;
(2) restrict the RAM permissions to the minimum set and to specific instance ARNs (especially ecs:RunCommand);
(3) review the install_security_guardrail and run_cloud_assistant_command scripts to confirm they never auto-execute fetched shell commands without explicit user confirmation;
(4) only use on trusted Alibaba accounts;
(5) consider a manual dry-run of queries first (report generation, listings) and require explicit user confirmation before any remote command or install operation.
If you need a safer assessment, provide the full contents of install_security_guardrail.py and run_cloud_assistant_command.py so I can check whether they automatically execute installer strings returned by AISC.
latest: vk979xmfbqgm3shk0dqf16x0yp984fgdw
