Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Data Agent Skill

v0.0.1

Invoke Alibaba Cloud Apsara Data Agent for Analytics via CLI to perform natural language-driven data analysis on enterprise databases. Data Agent for Analyti...

by alibabacloud-skills-team@sdk-team
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill's name, description, and many included Python modules match a Data Agent CLI for Alibaba Cloud (coherent). However the registry metadata claims 'Required env vars: none' while SKILL.md and the code clearly require Alibaba Cloud credentials (default credential chain or DATA_AGENT_API_KEY) and region configuration. SKILL.md also says dependencies in requirements.txt must be installed even though there is no install spec. These mismatches (declared requirements ≠ actual requirements) are unexpected and reduce trust.
! Instruction Scope
SKILL.md and reference docs instruct the agent to create/attach background sub-agents, poll session state files under sessions/* (status.txt, progress.log), download generated files, and push notifications via external channels. assets/HEARTBEAT.md explicitly tells an agent to execute a 'chain-of-thought' style checklist and to scan sessions/, then use a 'send_message tool or current channel (Telegram/WhatsApp)' — this reads like a prompt-injection instruction and encourages pushing messages to external endpoints. Reading/writing sessions/ and downloading report URLs is expected for this tool, but the 'chain-of-thought' phrasing and external-notification guidance go beyond normal CLI behavior and are concerning.
Install Mechanism
This is labeled as 'instruction-only' with no install spec, but the bundle contains a full Python CLI (many scripts) and a requirements.txt. SKILL.md also states dependencies must be installed. There is no provided secure install step (no verified download host or package install instruction). That mismatch increases risk: code will run but the environment dependency installation is left to the user, which can cause accidental installation of arbitrary packages if done without care.
! Credentials
The skill needs Alibaba Cloud credentials (default chain or API_KEY) and a region to function; this is reasonable for a cloud data agent. However the registry metadata omitted those env requirements. The provided RAM policy examples request many DMS permissions and use Resource: '*', granting broad access to DMS and Data Agent actions (Create/Describe sessions, SendChatMessage, FileUploadCallback, etc.). Those permissions are powerful; they are functionally plausible for this tool, but require careful scoping in production. The skill also downloads files from URLs returned by the service (file_manager.download_from_url), which could be abused if untrusted URLs were returned.
Persistence & Privilege
The skill does not set always:true and does not demand platform-wide persistent privileges in the metadata. It writes session state and report files under a local sessions/ directory and spawns background worker processes per its design — behavior consistent with a CLI that supports background tasks. This local persistence is expected, but combined with the other concerns (undeclared credentials and notification instructions) it warrants caution.
Scan Findings in Context
[unicode-control-chars] unexpected: The static scan flagged unicode-control characters / prompt-manipulating content. assets/HEARTBEAT.md includes '按照以下步骤 chain-of-thought 执行' ("execute chain-of-thought following the steps below") and instructs the agent to follow a chain-of-thought checklist and send messages to external channels. This looks like a prompt-injection or internal directive that is not required for implementing a CLI and is unexpected for a harmless integration.
What to consider before installing
What to consider before installing or enabling this skill:

  • Source verification: The skill bundle contains many Python files but no homepage or source URL in the registry entry. Ask the publisher for a code repository or official distribution channel and verify signatures or repository provenance before running code.
  • Credentials and permissions: SKILL.md requires Alibaba Cloud credentials (default credential chain or DATA_AGENT_API_KEY) and a region, but the registry metadata omitted these. If you enable it, avoid granting broad RAM policies with Resource: '*'—instead create a least-privilege RAM role scoped to specific resources and review the minimal actions listed in RAM-POLICIES.md.
  • Installation: There is no secure install spec even though requirements.txt exists. If you need to install dependencies, do so in an isolated environment (container or VM) and pin package versions from trusted registries. Review requirements.txt manually before installing.
  • Prompt-injection and notifications: assets/HEARTBEAT.md contains instructions that look like a prompt-injection (requesting 'chain-of-thought' style behavior) and suggests sending messages via external channels (Telegram/WhatsApp). If you deploy, remove or audit that file and disable any automated notification hooks unless explicitly desired and verified.
  • Network and file I/O risk: The CLI downloads report files from URLs returned by the service. Consider running the skill in a network-restricted environment or with egress controls to prevent unexpected exfiltration. Also review what the skill will read/write (sessions/ directory) to avoid leaking sensitive local data.
  • Test safely: Run the tool against the provided demo data (internal_data_employees or the included example CSV) in an isolated test account to validate behavior before connecting it to production databases.
If you want, I can:

  • Extract and summarize the exact environment variables and permissions the code reads (DataAgentConfig.from_env usage)
  • List the entries in requirements.txt and flag risky packages
  • Point out the exact files/lines where downloads or external notifications are performed so you can audit them or remove the functionality
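An added example, not part of the scan report or the skill's own code: a static check that lists the environment variables a skill's Python sources read and compares them with what the registry entry declares (here, none). The sample source is constructed; only the three DATA_AGENT_* names come from this page, and `env_reads` and `undeclared` are hypothetical helper names.

```python
import ast

# Constructed sample; only the three DATA_AGENT_* names come from the page,
# the surrounding code is hypothetical.
SAMPLE_SOURCE = '''
import os

class DataAgentConfig:
    @classmethod
    def from_env(cls):
        api_key = os.environ.get("DATA_AGENT_API_KEY")
        region = os.getenv("DATA_AGENT_REGION", "cn-hangzhou")
        debug = os.environ["DATA_AGENT_DEBUG_API"]
        extra = os.getenv(PREFIX + "_TOKEN")  # computed name
        return cls()
'''

def _is_environ(node):
    """True for `os.environ` or a bare imported `environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ") or (
        isinstance(node, ast.Name) and node.id == "environ")

def env_reads(source):
    """Return (literal names, line numbers of computed-name lookups)."""
    names, dynamic = set(), []
    for node in ast.walk(ast.parse(source)):
        key = None
        if isinstance(node, ast.Call) and node.args:
            f = node.func
            fname = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)
            is_get = (fname == "get" and isinstance(f, ast.Attribute)
                      and _is_environ(f.value))
            if fname == "getenv" or is_get:
                key = node.args[0]
        elif (isinstance(node, ast.Subscript) and _is_environ(node.value)
              and isinstance(node.ctx, ast.Load)):
            key = node.slice  # Python 3.9+: the slice is the key expression
        if key is None:
            continue
        if isinstance(key, ast.Constant) and isinstance(key.value, str):
            names.add(key.value)
        else:
            dynamic.append(node.lineno)  # cannot be resolved statically
    return names, sorted(dynamic)

def undeclared(source, declared):
    """Names the code reads that the registry entry does not declare."""
    names, dynamic = env_reads(source)
    return sorted(names - set(declared)), dynamic

if __name__ == "__main__":
    print(undeclared(SAMPLE_SOURCE, declared=[]))
```

Variables consumed inside the Alibaba Cloud SDK's default credential chain are not visible to this check, because the skill's code never reads them directly; computed names are reported by line for manual review.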

Like a lobster shell, security has layers — review code before you run it.


SKILL.md

metadata:
  author: DataAgent Team
  version: "1.7.2"

Changelog

  • v1.7.2: Use Alibaba Cloud default credential chain instead of explicit AK/SK, add User-Agent header, fix RAM policy wildcard issues
  • v1.7.1: Fix CLI ls command API response parsing (support case-insensitive field names), optimize SKILL documentation structure, separate ANALYSIS mode specification document
  • v1.7.0: API_KEY authentication support, native async execution mode, session isolation, enhanced attach mode, optimized log output


Installation

Configure Credentials

This Skill uses Alibaba Cloud default credential chain (recommended) or API_KEY authentication.

Option 1: Default Credential Chain (Recommended)

The Skill uses Alibaba Cloud SDK's default credential chain to automatically obtain credentials, supporting environment variables, configuration files, instance roles, etc.

See Alibaba Cloud Credential Chain Documentation

Option 2: API_KEY Authentication (File Analysis Only)

export DATA_AGENT_API_KEY=your-api-key
export DATA_AGENT_REGION=cn-hangzhou

Get API_KEY: Data Agent Console

Permission Requirements

RAM users need AliyunDMSFullAccess or AliyunDMSDataAgentFullAccess permissions. See RAM-POLICIES.md for detailed permission information.

Debug Mode

DATA_AGENT_DEBUG_API=1 python3 scripts/data_agent_cli.py file example.csv -q "analyze"

💡 Getting Started Tips

  • Use the built-in demo database internal_data_employees (DataAgent's built-in test database containing employee, department, and salary data) for a first-time experience
  • Or use the local file assets/example_game_data.csv to try file analysis

Data Agent CLI — Unified Command-Line Data Analysis Tool

Overview

scripts/data_agent_cli.py helps users complete the full workflow: discover data → initiate analysis → track progress → get results.

Core Concepts

⚠️ Key Prerequisite: Data Agent can only analyze databases that have been imported into Data Agent Data Center.

  • Data Center: Data Agent's data center; only databases here can be analyzed
  • DMS: Alibaba Cloud Data Management Service, stores metadata of all databases
  • Relationship: Databases registered in DMS ≠ Databases in Data Center

Usage Flow:

  1. First use ls to check whether the target database exists in Data Center
  2. If it is not found, use the dms subcommand to search for database info, then use the import subcommand to import it
  3. After a successful import, you can use the db subcommand for analysis

Analysis Modes

  • ASK_DATA (default): Synchronous execution, sub-second response, suitable for quick Q&A
  • ANALYSIS: Deep analysis, takes 5-40 minutes, requires spawning a sub-agent for async execution or using --async-run parameter

See ANALYSIS_MODE.md for details


Session Reuse

Use db/file to create a session for initial analysis, then use attach --session-id <ID> to reuse the session for follow-up questions.

See COMMANDS.md and WORKFLOWS.md for details


Quick Start

# 1. List available databases
python3 scripts/data_agent_cli.py ls

# 2. Query analysis (synchronous response)
python3 scripts/data_agent_cli.py db \
    --dms-instance-id <ID> --dms-db-id <ID> \
    --instance-name <NAME> --db-name <DB> \
    --tables "employees,departments" -q "Which department has the highest average salary"

# 3. Follow-up question (reuse session)
python3 scripts/data_agent_cli.py attach --session-id <ID> -q "Break down by month"

📖 See WORKFLOWS.md and COMMANDS.md for complete workflows, command reference, and best practices


Project Structure

                          # Skill root directory
├── SKILL.md              # This document
├── scripts/              # Source code
│   ├── data_agent/       # SDK module
│   ├── cli/              # CLI module
│   ├── data_agent_cli.py # CLI entry point
│   └── requirements.txt  # Dependencies
├── sessions/             # Session data
└── references/           # Reference documents

Files

37 total