Alibabacloud Sase Pa Network Diagnosis
PassAudited by ClawScan on May 12, 2026.
Overview
This is a coherent Alibaba Cloud SASE diagnosis skill, but it relies on Alibaba Cloud credentials, cloud API actions, and manual CLI/plugin setup that users should verify carefully.
Install only if you trust the Alibaba Cloud CLI setup and are comfortable letting the agent use an existing Aliyun CLI profile for SASE PA diagnosis. Use a least-privilege RAM profile, verify every diagnosis parameter before execution, and follow the main credential rule: do not paste or expose AK/SK secrets in the conversation or command history.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the active Aliyun profile is overprivileged, the agent may use broader cloud authority than needed while performing diagnosis.
The skill depends on an existing Alibaba Cloud identity to call SASE APIs, which is expected for the purpose but gives the agent access through the user's cloud account.
Use an existing Aliyun CLI credential profile and verify it with `aliyun configure list`.
Use a dedicated RAM user/profile with only the listed `csas:ListUserDevices`, `csas:CreatePADiagnosisTask`, and `csas:GetPADiagnosisTask` permissions, and do not paste AK/SK secrets into chat.
Running the workflow can create diagnosis tasks and retrieve SASE device, network-link, DNS, and policy information.
The documented workflow includes cloud API calls that query user devices and create diagnosis tasks; these actions are purpose-aligned but are still real account operations.
`ListUserDevices` ... `CreatePADiagnosisTask` ... `GetPADiagnosisTask`
Review and confirm target host, port, protocol, username/device identifiers, and profile before allowing the commands to run; use `--cli-dry-run` where appropriate.
Your local Aliyun CLI installation or plugins may be installed or updated, and the CLI may continue auto-installing plugins afterward.
The setup guidance can execute a remote installer and enable automatic Aliyun CLI plugin installation/updates. This is relevant to the skill's purpose, but it changes local tooling and pulls code from a remote source.
run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` ... [MUST] run `aliyun configure set --auto-plugin-install true` ... `aliyun plugin update`
Run installation/update commands manually after verifying the source, and consider reverting persistent CLI settings if you do not want automatic plugin installation enabled.