Alibabacloud Yike Storyboard

Security checks across malware telemetry and agentic risk

Overview

This skill’s behavior matches its Alibaba Cloud storyboard purpose, but it uses Alibaba Cloud credentials, can affect cloud usage/billing, installs or updates Aliyun CLI plugins, and uploads selected script files to Alibaba Cloud.

Install/use this only if you want an Alibaba Cloud Yike workflow and are comfortable uploading the chosen script or novel to Alibaba Cloud. Use a limited RAM user or STS token, prefer the minimum custom policy, review CLI installer/plugin update commands before running them, and confirm the file path and job settings before upload.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running the setup can execute provider-supplied installer code and change the local Aliyun CLI/plugin environment.

Why it was flagged

The skill asks the user to run a remote installer and update/install CLI plugins from latest provider sources. This is disclosed and relevant to Alibaba Cloud usage, but it expands the local supply-chain surface.

Skill content

run `curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash` to update ... `aliyun configure set --auto-plugin-install true` ... `aliyun plugin update`

Recommendation

Run setup commands yourself, prefer a trusted package manager or reviewed installer when possible, and avoid unpinned auto-updates in locked-down environments.

ASI02: Tool Misuse and Exploitation
Medium
What this means

The skill can create Alibaba Cloud/Yike jobs and may consume service quota or incur cloud charges depending on the user account and service terms.

Why it was flagged

The documented workflow uses CLI tools to get upload credentials, upload the file, and submit a cloud storyboard job. These actions are central to the skill, but they create remote cloud activity.

Skill content

`aliyun ice create-yike-asset-upload` ... `aliyun ossutil cp` ... `aliyun ice submit-yike-storyboard-job`

Recommendation

Confirm the target Alibaba Cloud account, region, file, and generation parameters before running upload or job-submission commands.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill acts through the user’s Alibaba Cloud identity and can access permitted ICE/Yike operations in that account.

Why it was flagged

The skill depends on the user's Alibaba Cloud credential profile and specific ICE permissions. The instructions also warn not to print AK/SK values, which helps bound credential handling.

Skill content

Pre-check: Alibaba Cloud Credentials Required ... `aliyun configure list` ... This skill requires ICE permissions: `ice:CreateYikeAssetUpload`, `ice:SubmitYikeStoryboardJob`, `ice:GetYikeStoryboardJob`.

Recommendation

Use a least-privileged RAM user or temporary STS credentials, and grant only the documented minimum permissions needed for storyboard creation.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

The selected script or novel content is sent to Alibaba Cloud/Yike for processing.

Why it was flagged

The script uploads the selected local txt/docx file to Alibaba Cloud OSS using temporary credentials returned by the provider, then outputs the resulting FileURL for the Yike job.

Skill content

`run_with_timeout $UPLOAD_TIMEOUT aliyun ossutil cp "$REAL_PATH" "oss://${BUCKET}/${FILE_NAME}"` ... `echo "FileURL: $FILE_URL"`

Recommendation

Upload only files you intend to share with Alibaba Cloud services, and remove secrets or sensitive private content from storyboard inputs.