Skill v0.0.1
ClawScan security
Alibabacloud Tair Ai Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 5:57 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to do what it claims (wrap aliyun CLI calls to Alibaba Cloud DAS YaoChi Agent) and its requirements are broadly consistent, but there are a few minor mismatches and operational cautions you should understand before installing.
- Guidance
- This skill is an instruction-only wrapper around the official aliyun CLI DAS APIs and appears coherent with its stated purpose. Before installing or running it:
  - Do not run remote install scripts (curl | bash) unless you trust the source; if you do, review the installer first.
  - Provide credentials with least privilege (create a RAM user and attach only the das:GetYaoChiAgent / das:GetDasAgentSSE actions), or use ECS RAM roles / STS tokens rather than long-lived root keys.
  - The skill uses the aliyun CLI credential chain (env vars, ~/.aliyun/config.json, or CLI profile) even though the metadata lists no required env vars; check which profile or credentials the CLI will pick up to avoid accidental use of high-privilege keys.
  - Enabling aliyun "ai-mode" changes the local CLI config; review and revert it if undesired.
  - If you need higher assurance, run the script in an isolated environment (separate profile, container, or CI runner) and inspect network calls / CLI behavior during a test run.
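The first two guidance points (review the installer instead of piping it to a shell; know which credentials the aliyun CLI will pick up) can be turned into pre-install checks. The script below is an added example written for this review, not code from the skill or from ClawHub. It assumes: the allowlisted installer host is the vendor domain named in the skill's docs (aliyuncli.alicdn.com); `sha256sum` is present (macOS users would substitute `shasum -a 256`); the environment variable names are the ones the review cites; and the order in which sources are reported is only the order the review describes, not a claim about the CLI's real precedence, which you should confirm in the CLI docs. The sample config.json used in the usage note is constructed.

```shell
#!/bin/sh
# Added example (not the skill's or ClawHub's code): two pre-install checks.
# 1) Fetch a remote installer to disk for review instead of piping it to sh,
#    refusing hosts outside an allowlist.
# 2) Report which aliyun CLI credential sources are present, so you know
#    whose keys the skill's script would end up using.

# Allowlisted installer hosts (assumption: only the vendor domain the skill's
# docs reference). Space-separated so plain sh can iterate over it.
INSTALLER_HOSTS="aliyuncli.alicdn.com"

# installer_host_ok URL -> 0 if the URL is https and its host is allowlisted.
# The host is taken exactly, so "aliyuncli.alicdn.com.evil.example" is rejected.
installer_host_ok() {
  case "$1" in
    https://*) ;;
    *) return 1 ;;
  esac
  host=${1#https://}
  host=${host%%/*}
  host=${host%%:*}
  for h in $INSTALLER_HOSTS; do
    [ "$host" = "$h" ] && return 0
  done
  return 1
}

# fetch_for_review URL OUTFILE: download to a file (never to a pipe) and print
# its SHA-256, so the bytes you read are the bytes you later execute.
fetch_for_review() {
  installer_host_ok "$1" || { echo "refusing non-allowlisted installer URL: $1" >&2; return 1; }
  curl -fsSL --proto '=https' -o "$2" "$1" && sha256sum "$2"
}

# aliyun_cred_sources [CONFIG]: print the credential sources the aliyun CLI
# could pick up, as "tag;tag;..." (or "none"). Env-var names are the ones the
# review lists; the report order is NOT the CLI's precedence (assumption to
# confirm in the CLI docs). An ECS RAM role is only visible from inside the
# instance and is not probed here.
aliyun_cred_sources() {
  cfg=${1:-$HOME/.aliyun/config.json}
  out=""
  if [ -n "$ALIBABA_CLOUD_ACCESS_KEY_ID" ] && [ -n "$ALIBABA_CLOUD_ACCESS_KEY_SECRET" ]; then
    out="${out}env-ak;"
  fi
  if [ -n "$ALIBABA_CLOUD_PROFILE" ]; then
    out="${out}env-profile=${ALIBABA_CLOUD_PROFILE};"
  fi
  if [ -r "$cfg" ]; then
    # The CLI stores the active profile name under "current" in config.json.
    cur=$(sed -n 's/.*"current"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$cfg" | head -n 1)
    out="${out}config-current=${cur:-unset};"
  fi
  printf '%s\n' "${out:-none}"
}

# Usage (not run here): download for review, then see which credentials apply.
#   fetch_for_review "https://aliyuncli.alicdn.com/<installer-path>" ./aliyun-install.sh
#   aliyun_cred_sources
```

If `aliyun_cred_sources` reports an `env-ak` entry or a `config-current` profile you did not intend for this skill, switch to a dedicated low-privilege profile (or an STS token) before running the script; the check is deliberately read-only and never prints secret values.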
Review Dimensions
- Purpose & Capability
- ok
- The name/description (Tair/Redis diagnostics) lines up with the implementation: a bash wrapper that invokes aliyun das GetYaoChiAgent/GetDasAgentSSE. The skill legitimately needs access to Alibaba Cloud credentials via the aliyun CLI credential chain. One minor note: the skill metadata declares no required env vars, yet the documentation and script rely on the CLI credential chain (environment vars, ~/.aliyun/config.json, or ECS RAM role). This is coherent but not explicitly declared in metadata.
- Instruction Scope
- note
- Runtime instructions and the included script are narrowly scoped to invoking the aliyun CLI DAS plugin, parsing streaming SSE/JSON responses, and printing session IDs. The SKILL.md rightly instructs confirming user parameters before execution. Note: it instructs the user to enable "ai-mode" in the aliyun CLI and to set a custom user-agent (command-line config changes to the local aliyun CLI), which is an operational side-effect the user should be aware of. The instructions do reference (and show examples of) the environment variables and config files the CLI uses for credentials.
- Install Mechanism
- note
- There is no formal install spec; this is mostly instruction-only plus a shell script. The documentation suggests installing the aliyun CLI via a curl|bash one-liner pointing at aliyuncli.alicdn.com (official vendor domain), and installing the DAS plugin via aliyun plugin install. Pulling installers directly from the vendor domain is common but always carries the usual risk of running remote install scripts; verify the domain and contents before piping to a shell.
- Credentials
- note
- The skill does not declare required env vars in metadata, but it clearly depends on the aliyun CLI credential chain (ALIBABA_CLOUD_ACCESS_KEY_ID/SECRET, ALIBABA_CLOUD_PROFILE, ~/.aliyun/config.json, or ECS RAM role). That dependency is proportional for a cloud management/diagnostics skill, but you should ensure the credentials used grant least privilege (only the das:GetYaoChiAgent / das:GetDasAgentSSE actions, as recommended) and are not root-level keys. The references explicitly discourage hardcoding AK/SK in scripts (correct).
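The least-privilege recommendation above (and the same point in the Guidance section) reduces to a RAM policy that allows only the two DAS actions. The script below is an added example for this review, not code from the skill or ClawHub. It assumes the RAM policy document syntax (`"Version": "1"`) and uses `"Resource": "*"` because it is not known here whether DAS supports narrower resource scoping for these actions; confirm that in the RAM console before attaching the policy. The function names and the wildcard sample policy in the test are constructed.

```shell
#!/bin/sh
# Added example (not the skill's or ClawHub's code): write the least-privilege
# RAM policy the review recommends and check it before attaching it to a RAM
# user. Assumptions: RAM policy syntax (Version "1"), and Resource "*" because
# narrower DAS resource scoping is not confirmed here.

# write_das_policy OUTFILE: emit a policy allowing only the two DAS actions.
write_das_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "das:GetYaoChiAgent",
        "das:GetDasAgentSSE"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# policy_actions FILE: print each quoted service:Action token, one per line.
# Wildcards ("das:*", "*:*") are captured too so the scope check can see them.
policy_actions() {
  grep -o '"[A-Za-z*]*:[A-Za-z*]*"' "$1" | tr -d '"'
}

# policy_scoped_to FILE SERVICE: succeed only if the policy names at least one
# action, every action belongs to SERVICE, and none is a wildcard.
policy_scoped_to() {
  [ -n "$(policy_actions "$1")" ] || return 1
  if policy_actions "$1" | grep -vq "^$2:[A-Za-z][A-Za-z]*$"; then
    return 1
  fi
  return 0
}

# Usage: write the policy, then refuse to proceed if it is broader than intended.
#   write_das_policy das-yaochi-readonly.json && policy_scoped_to das-yaochi-readonly.json das
```

Attach the resulting policy to a dedicated RAM user (or to the role your ECS instance / STS session assumes) rather than to the account root, and keep the scope check in whatever pipeline provisions that user so a later edit cannot silently widen it to `das:*`.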
- Persistence & Privilege
- ok
- The skill is not marked always:true and does not request persistent platform privileges. It only writes/reads local aliyun CLI configuration when you run the CLI commands (standard behavior). It does ask you to enable ai-mode in the local aliyun CLI, which modifies the CLI configuration but is limited to that tool and not the skill platform.
