Alibabacloud Polardb Ai Assistant
v0.0.1Alibaba Cloud PolarDB Database AI Assistant. For PolarDB MySQL/PostgreSQL cluster management, performance diagnostics, parameter tuning, slow SQL analysis, b...
⭐ 0· 78·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included script and docs: the skill invokes aliyun CLI DAS GetYaoChiAgent/GetDasAgentSSE to perform PolarDB diagnostics. This purpose justifies requiring the user's existing Alibaba Cloud CLI configuration and DAS plugin. Minor inconsistency across files about CLI parameter casing (some docs show PascalCase API name, script uses kebab-case plugin command); this is likely an implementation detail (plugin vs. traditional API invocation) rather than malicious, but you may want to confirm which CLI/plugin version is expected in your environment.
Instruction Scope
SKILL.md + call_yaochi_agent.sh stick to the stated domain: building CLI arguments, invoking the DAS agent, streaming/parsing responses. The script reads user-provided queries (or stdin) and uses existing aliyun CLI credentials (~/.aliyun config or env vars) for auth. It does not attempt to read unrelated local files or post data to third-party endpoints. The instructions explicitly require confirming user parameters before execution (good).
Install Mechanism
No packaged install; the README suggests installing the official aliyun CLI and DAS plugin from aliyuncli.alicdn.com and installing jq via package manager. These are vendor-hosted endpoints (not random IPs), which is reasonable, but the docs recommend piping a remote install script (curl ... | bash) and enabling automatic plugin installation — both are operational choices with some risk. Recommend auditing the vendor install script and opting to install manually if you prefer.
Credentials
The skill does not declare required env vars but relies on existing aliyun CLI credentials (AK/SK, STS, RAM role, or ECS role) or environment variables like ALIBABA_CLOUD_ACCESS_KEY_ID. That is proportional for a CLI wrapper, but it means the tool will run with whatever IAM privileges your configured credentials provide — follow least-privilege practices (use read-only or minimal das:GetYaoChiAgent / das:GetDasAgentSSE permissions) and avoid using root account credentials.
Persistence & Privilege
The skill is instruction-only plus a single script and does not request permanent platform-level privileges. always:false. It does recommend setting aliyun config --auto-plugin-install true which changes CLI behavior (auto-installing plugins); that is an operational preference rather than a platform privilege request from the skill itself.
Assessment
This skill is coherent: it wraps the official Alibaba Cloud CLI to call the DAS YaoChi (PolarDB diagnostics) API and uses your existing aliyun credentials. Before installing/using: 1) Inspect the included script (scripts/call_yaochi_agent.sh) yourself; it is self-contained and readable. 2) Prefer installing the aliyun CLI and DAS plugin via vendor packages you review rather than blindly piping remote install scripts. 3) Do NOT supply root account keys; create a RAM user or role with only the minimum permissions (das:GetYaoChiAgent, das:GetDasAgentSSE / read-only as appropriate). 4) Be cautious about enabling aliyun --auto-plugin-install globally — it may cause the CLI to install plugins automatically. 5) If you need stricter containment, run the tool in a disposable environment/container and use temporary STS tokens or an assumed role. If you want me to, I can point out the exact lines in the script that use credentials, build the CLI command, or help craft a least-privilege RAM policy for your use case.Like a lobster shell, security has layers — review code before you run it.
latestvk9730ey99sdk1c8sw1qc3snzas84er3n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.