Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Waf Checkresponse Intercept Query

v0.0.2

Query Alibaba Cloud WAF block reasons via SLS logs and WAF CLI. Analyzes detailed information about blocked requests. Optionally supports disabling WAF rules...

by alibabacloud-skills-team@sdk-team
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (query WAF block reasons, optionally enable logs or disable rules) match the included SKILL.md, reference docs, and the Python script which invokes the Alibaba CLI and queries SLS logs. Required permissions in references/ram-policies.md align with the declared functionality. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
Runtime instructions call the aliyun CLI and (with user consent) may perform write operations (ModifyUserWafLogStatus, ModifyDefenseRuleStatus). The SKILL.md enforces idempotent check-then-act patterns and explicit user confirmation for disables. This is within scope for a WAF investigation skill, but those write actions are sensitive and require explicit user consent and appropriate IAM scope.
Install Mechanism
No install spec; skill is instruction-only plus a helper script. No downloads or archive extraction. The script expects the aliyun CLI and python3 to be available on PATH, which is reasonable for this functionality.
Credentials
The skill requests no environment variables and explicitly relies on Alibaba Cloud's default credential chain (ECS RAM role, ~/.alibabacloud/config). The referenced RAM policy lists only permissions relevant to querying logs and optional rule/log management. There are no extraneous credentials requested.
Persistence & Privilege
Skill is not always:true, does not request persistent modification of other skills or system-wide settings, and does not attempt to store credentials. Autonomous invocation is allowed by default but is not combined with other high-risk privileges here.
Assessment
This skill appears to do what it claims: it runs the aliyun CLI and a local Python helper to find WAF block records, and can (with confirmation) enable WAF logging or disable rules. Before installing or using it: ensure the agent/account uses the least-privilege RAM policy (only grant ModifyDefenseRuleStatus or ModifyUserWafLogStatus when you truly need write access), verify the aliyun CLI and ~/.alibabacloud config are legitimate, and confirm any disable/log-enable operation when prompted. If you do not want the skill to perform writes, do not grant the optional write permissions or decline those operations when asked.

