Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Das Agent

v0.0.2

Diagnose and manage Alibaba Cloud databases through natural language. Use when users need to troubleshoot database performance issues (high CPU, slow queries...

by alibabacloud-skills-team@sdk-team
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code and docs implement a DAS Chat client that POSTs to das.cn-shanghai.aliyuncs.com and uses the Alibaba Cloud credential chain — this is coherent with the stated purpose of diagnosing Alibaba Cloud databases. However, the documentation is inconsistent about permission scope: SKILL.md and scripts mention the default credential chain and an optional ALIBABA_CLOUD_DAS_AGENT_ID, but other doc files (references/api-reference.md and references/ram-policies.md) disagree on whether AgentId is required and whether the permission is das:Chat or a broader AliyunHDMFullAccess. Registry metadata lists no required env vars even though runtime uses credential sources.
! Instruction Scope
Runtime instructions and the Python client explicitly rely on the Alibaba Cloud default credential provider chain, which may read local files (~/.aliyun/config.json or ~/.alibabacloud/credentials.ini) and query the ECS metadata service (100.100.100.200). Those file/metadata accesses are legitimate for cloud SDKs but they are not declared in the registry metadata; the SKILL.md also promotes omitting AgentId (using a default shared Agent) which has billing/usage implications. The skill does not call any unexpected external endpoints beyond the documented DAS endpoint.
Install Mechanism
No install spec is provided (instruction-only at registry level), which is low risk, but the package includes a pyproject.toml that pins deps from PyPI (alibabacloud_credentials, requests, pytz). The SKILL.md requires a 'uv' runner but the skill does not provide an install step for it. There is no download from an untrusted URL or archive extraction.
! Credentials
The skill requires access to Alibaba Cloud credentials via the default provider chain (environment variables, profile files, or ECS RAM role). That is expected for a cloud service client, but registry metadata did not list any required env vars and references/api-reference.md contradicts SKILL.md about whether ALIBABA_CLOUD_DAS_AGENT_ID is required. The broad wording in SKILL.md about credential sources means the script may access local credential files and metadata service — users should ensure only intended credentials/roles are available to the runtime.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare system-wide persistence. It runs as an on-demand client and prints results to stdout; no elevated persistence or cross-skill configuration writes are present.
What to consider before installing
This skill is functionally aligned with an Alibaba Cloud DAS client, but there are documentation mismatches you should resolve before installing. Specifically:
(1) Confirm whether ALIBABA_CLOUD_DAS_AGENT_ID is optional or required and whether the required IAM permission is only das:Chat (preferred) or a broader AliyunHDMFullAccess (riskier).
(2) Understand the default credential chain: the script may read ~/.aliyun/config.json or ~/.alibabacloud/credentials.ini or call the ECS metadata endpoint — avoid running it on machines that hold unrelated/privileged Alibaba Cloud credentials.
(3) The package lists dependencies from PyPI and expects a 'uv' runner; only run in an environment where you control installed packages (or audit dependencies first).
(4) If you proceed, run in a least-privilege account/role limited to das:Chat and in an isolated environment until you’re comfortable with behavior.
If the author can clarify and fix the inconsistent docs (AgentId required vs optional, exact IAM policy), that would reduce the concern.
