Alibabacloud Sas Incident Manage

v0.0.1

Alibaba Cloud Security Center incident management skill. Query security incidents, threat trends, and incident details. Triggers: "云安全中心", "安全事件", "事件查询", "安...

by alibabacloud-skills-team@sdk-team
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description describe querying Cloud SIEM incidents and the instructions exclusively call the Aliyun CLI cloud-siem commands and related APIs. Required capabilities and flags are appropriate for that purpose.
Instruction Scope
Runtime instructions are focused on installing the Aliyun CLI plugin and running specific cloud-siem commands with strict flags and validation. Minor issues: multiple reference docs (verification, RAM/policies) refer to scripts (e.g., scripts/siem_client.py) that are not included in the package; the SKILL.md and references also contain numerous example CLI commands and config examples which are intended for the user rather than agent code.
Install Mechanism
This is an instruction-only skill (no install spec). Installation guidance points to the official Aliyun CDN and the Aliyun CLI plugin — legitimate, known sources. No arbitrary download hosts, shorteners, or extract+execute from unknown servers are present.
Credentials
The skill does not declare environment variables but explicitly relies on the Aliyun CLI default credential chain and the user's configured credentials (~/.aliyun/config.json, profiles, or ECS RAM role). This is proportionate to cloud API access, but the registry metadata did not list the config path even though docs reference it. The skill forbids printing or asking for credentials, which is good, but examples show non-interactive commands that include secrets (these are user examples — not runtime requirements).
Persistence & Privilege
always is false and the skill does not request to persist or modify agent/system-wide settings. There is no indication it writes to other skills' configs or requests elevated platform privileges.
Assessment
This skill is internally consistent: it runs Aliyun CLI cloud-siem commands and expects your Alibaba Cloud credentials to already be configured (via aliyun configure, instance role, or an existing profile). Before installing or invoking it:

1) Confirm you trust the source and that the Aliyun CLI/plugin installs come from the official Aliyun CDN or official repos.
2) Ensure credentials are configured with least privilege (create a RAM policy limited to the listed actions) and avoid pasting secrets into chat.
3) Note that some reference docs mention helper scripts (e.g., scripts/siem_client.py) which are not included; you will not be able to run those verification scripts unless you obtain them separately.
4) If you allow autonomous agent invocation, be aware the agent can run the CLI commands against your cloud account (this is expected behavior for this kind of skill); verify the credential profile used and restrict permissions accordingly.


latest vk978bdwg4px11wrnk78094ec3584e99p
