Alibabacloud Waf Quick Showcase
v0.0.1Solution skill for using WAF to protect web applications on ECS. Used for quickly deploying network environments including VPC, security groups, and ECS inst...
⭐ 0· 38·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (WAF protection on ECS) align with instructions and reference docs: all commands, RAM policy recommendations, and verification steps are about creating VPCs, VSwitches, Security Groups, ECS instances and WAF integration. There are no unrelated credentials, binaries, or external services requested.
Instruction Scope
Instructions direct the agent to run aliyun CLI commands and to perform pre-flight checks (CLI version, authentication status, account balance). They explicitly require waiting for user confirmation before creating resources and prohibit handling AK/SK. This is appropriately scoped for a provisioning/deployment skill, but the instructions will cause creation of cloud resources and require broad permission; the user must expect costs and IAM changes.
Install Mechanism
This is an instruction-only skill with no install spec or code files. The included CLI installation guidance downloads binaries from Alibaba Cloud CDN (aliyuncli.alicdn.com), which is an expected, official source for the aliyun CLI.
Credentials
The skill requests no environment variables or credentials itself and enforces OAuth or instance RAM role usage. However, the provided RAM policies list many permissions (create/run/delete resources across VPC/ECS/WAF) which are necessary for its function. The sample policy uses Resource: '*' in examples — acceptable for testing but the user should scope permissions in production.
Persistence & Privilege
always:false and model invocation are default. The skill does not request persistent presence or attempt to modify other skills or system-wide agent settings. It instructs use of the user's CLI config and explicit confirmation before actions.
Assessment
This skill appears coherent with its stated purpose, but it will create cloud resources that can incur costs and requires IAM permissions to create/modify VPC, ECS, and WAF resources. Before using: (1) run it in a test account or sandbox; (2) confirm you understand and approve resource creation and estimated costs; (3) grant least-privilege RAM permissions (avoid Resource:"*") or use a temporary RAM role; (4) do not supply AK/SK — follow the skill's OAuth or ECS RAM role guidance; (5) review each CLI command the agent plans to run and require explicit confirmation before creation; (6) audit and delete test resources when finished.Like a lobster shell, security has layers — review code before you run it.
latestvk97c8jzbbgqkb1e2mdqd5n8755844rtm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.