ClawHub

alicloud-database-rds-supabase

Manage Alibaba Cloud RDS Supabase (RDS AI Service 2025-05-07) via OpenAPI. Use for creating, starting/stopping/restarting instances, resetting passwords, querying endpoints/auth/storage, configuring auth/RAG/SSL/IP whitelist, and listing instance details or conversations.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 864 · 0 current installs · 0 all-time installs
by@cinience
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (manage Alibaba Cloud RDS Supabase) legitimately requires Alibaba Cloud AccessKey/Secret and a Region, and the SKILL.md explicitly instructs the agent to read ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID and ~/.alibabacloud/credentials. However, the registry metadata lists no required environment variables or primary credential. That mismatch between declared requirements and the runtime instructions is an incoherence.
Instruction Scope
The SKILL.md stays within the high-level scope of an RDS-management tool (create/start/stop/reset/configure/etc.) and documents API names and workflows. It explicitly instructs the agent to: prefer reading AK/SK from env vars, fall back to ~/.alibabacloud/credentials, optionally perform full-region queries (ListRegions + per-region DescribeAppInstances), and write outputs to output/database-rds-supabase/. These actions are plausible for cloud administration but have privacy/footprint implications (reading credentials file, enumerating all regions/instances). The instructions also assume the availability of an SDK or OpenAPI Explorer but do not declare that dependency.
Install Mechanism
There is no install spec (instruction-only), which reduces installation risk. However, SKILL.md recommends using the official SDK or OpenAPI Explorer (RPC signing) — the skill does not declare or ensure those tools are present. That omission could lead an agent to attempt calls without proper libraries or to prompt for ad-hoc methods; still, there is no direct install-based risk (no third-party downloads).
!
Credentials
The runtime instructions require Alibaba Cloud credentials and may involve providing or modifying storage configuration that can include third-party credentials (e.g., S3 keys in ModifyInstanceStorageConfig). The registry metadata, however, lists no required env vars or primary credential. Requesting AccessKey/Secret and possible storage keys is proportionate to cloud management, but the absence of declared credentials and the skill's unknown source/homepage increase the risk of accidental credential exposure. The skill also instructs reading the user's credentials file (~/.alibabacloud/credentials), a sensitive path that should have been declared.
Persistence & Privilege
The skill is not always-enabled and does not request persistent installation or system-wide configuration changes. It is user-invocable and allows autonomous invocation (platform default). Autonomous invocation combined with credential access would enlarge blast radius, but there is no explicit persistent or privileged installation behavior in the package.
What to consider before installing
This skill appears to be a legitimate RDS Supabase management helper, but there are two red flags: the SKILL.md expects Alibaba Cloud credentials (env vars and ~/.alibabacloud/credentials) while the registry metadata declares no required credentials, and the skill's source/homepage is missing. Before installing or using it: (1) do not supply high-privilege long-lived AK/SK — use a least-privilege RAM role or temporary credentials; (2) confirm you trust the skill's author or ask for a homepage/source; (3) be prepared for operations that enumerate regions and instances and that may write outputs to output/database-rds-supabase/; (4) if you must try it, test with an isolated account or dummy credentials and verify the agent prompts before any full-region enumeration or destructive actions (delete/reset); (5) consider requiring the skill to declare required env vars and dependencies (SDK) in its metadata before enabling it for production use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97fkjsp8rw04f1cawz8j4zr8980z577

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Category: service

阿里云 RDS Supabase(RDS AI 服务 2025-05-07)

使用 RDS AI 服务 OpenAPI 管理 RDS Supabase 应用实例及相关配置,包括实例生命周期、认证、存储、RAG、白名单与 SSL。

前置要求

  • 使用 RAM 用户/角色最小权限的 AccessKey,优先从环境变量读取 AK/SK。
  • OpenAPI 为 RPC 签名机制,优先使用官方 SDK 或 OpenAPI Explorer。

工作流

  1. 明确资源类型:实例 / 认证 / 存储 / RAG / 安全配置。
  2. references/api_overview.md 中定位接口。
  3. 选择调用方式(SDK / OpenAPI Explorer / 自签名)。
  4. 变更后使用查询接口确认状态与配置。

AccessKey 读取优先级(必须遵循)

  1. 环境变量(优先):ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region 规则:ALICLOUD_REGION_ID 作为可选默认值;若未设置,执行时应选择最合理的 Region,无法判断则主动询问。
  2. 标准配置文件:~/.alibabacloud/credentials

Region 默认策略

  • 如未指定 Region,优先选择最合理 Region;无法判断则询问用户。
  • 仅在明确需要或用户同意时,才进行全地域查询(先调 ListRegions,再对每个 Region 调用查询接口)。
  • 若用户提供 Region,则只查询指定 Region。

常见操作映射

  • 实例:CreateAppInstance / DeleteAppInstance / StartInstance / StopInstance / RestartInstance
  • 连接与认证:DescribeInstanceEndpoints / DescribeInstanceAuthInfo / ModifyInstanceAuthConfig
  • 存储:DescribeInstanceStorageConfig / ModifyInstanceStorageConfig
  • 安全:ModifyInstanceIpWhitelist / DescribeInstanceIpWhitelist / ModifyInstanceSSL / DescribeInstanceSSL
  • RAG:ModifyInstanceRAGConfig / DescribeInstanceRAGConfig

选择问题(不确定时提问)

  1. 目标实例 ID 是什么?所在地域?
  2. 要做的是实例生命周期,还是配置变更(认证/存储/RAG/白名单/SSL)?
  3. 是否需要批量操作或先查询现有配置?

Output Policy

若需保存结果或响应,写入: output/database-rds-supabase/

References

  • API 总览与接口分组:references/api_overview.md
  • 核心接口参数速查:references/api_reference.md
  • 全地域查询示例:references/query-examples.md
  • 官方文档来源清单:references/sources.md

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…