ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alibabacloud Sdk Client Initialization For Java

v0.0.2-beta

Initialize and manage Alibaba Cloud SDK clients in Java. Covers singleton pattern, thread safety, endpoint vs region configuration, VPC endpoints, sync vs as...

0· 101·0 current·0 all-time
by@yndu13

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yndu13/alibabacloud-sdk-client-initialization-for-java.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Alibabacloud Sdk Client Initialization For Java" (yndu13/alibabacloud-sdk-client-initialization-for-java) from ClawHub.
Skill page: https://clawhub.ai/yndu13/alibabacloud-sdk-client-initialization-for-java
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install alibabacloud-sdk-client-initialization-for-java

ClawHub CLI

Package manager switcher

npx clawhub@latest install alibabacloud-sdk-client-initialization-for-java
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name and content are consistent with initializing Alibaba Cloud Java SDK clients. However, the example code calls System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID") and System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET") while the skill metadata declares no required environment variables or primary credential. Credentials are central to the skill's purpose and should be explicitly declared.
Instruction Scope
The SKILL.md contains runnable Java examples that read environment variables for credentials and set endpoints; these actions are within scope for a cloud SDK guide. It does not instruct the agent to read unrelated files, system config, or exfiltrate data. Still, the examples implicitly expect secrets in the environment which the metadata omits.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes filesystem risk; nothing is fetched or executed by an installer.
!
Credentials
The SKILL.md uses sensitive environment variables (ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET) but the skill metadata does not list them under required env or primary credential. Requiring cloud credentials would be proportionate to the purpose, but the omission is an inconsistency that could hide expected secret access.
Persistence & Privilege
always is false and there are no install actions or configuration changes. The skill does not request persistent system privileges or to modify other skills.
What to consider before installing
This is primarily an examples/instructions-only skill for Alibaba Cloud Java SDK clients and appears functionally coherent, but note two issues before installing or using it: (1) the SKILL.md examples rely on ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables, yet the skill metadata does not declare any required credentials — ask the publisher to explicitly declare required env vars or update the metadata; (2) the source and homepage are unknown, which reduces trust — prefer skills with a verifiable author or repo. If you proceed, avoid exposing long-lived root keys: use least-privilege credentials, Alibaba RAM roles or STS temporary tokens where possible, don't paste secrets into chat, and confirm how the agent will obtain/use those environment variables. Request clarification from the author about credential handling and the intended deployment environment to raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cq8cy34mfz24586t2dk7nh83k4at
101downloads
0stars
2versions
Updated 1mo ago
v0.0.2-beta
MIT-0
@yndu13
latest
Download

Client Initialization Best Practices (Java)

Core Rules

  • Client is thread-safe — safe to share across threads without synchronization.
  • Use singleton pattern — do NOT create new client instances per request. Frequent new Client() calls waste resources and hurt performance.
  • Prefer explicit endpoint over region-based endpoint resolution.
  • preview version

Recommended Client Creation

public class ClientFactory {
    private static volatile com.aliyun.ecs20140526.Client instance;

    public static com.aliyun.ecs20140526.Client getInstance() throws Exception {
        if (instance == null) {
            synchronized (ClientFactory.class) {
                if (instance == null) {
                    com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
                        .setAccessKeyId(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID"))
                        .setAccessKeySecret(System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET"));
                    config.setEndpoint("ecs.cn-hangzhou.aliyuncs.com");
                    instance = new com.aliyun.ecs20140526.Client(config);
                }
            }
        }
        return instance;
    }
}

Endpoint Configuration

Priority: explicit endpoint > region-based resolution via regionId.

// Preferred: explicit endpoint
config.setEndpoint("ecs.cn-hangzhou.aliyuncs.com");

// Alternative: SDK resolves endpoint from region
config.setRegionId("cn-hangzhou");

VPC Endpoints

Use VPC endpoints when running inside Alibaba Cloud VPC (hybrid cloud, leased lines, multi-region):

config.setEndpoint("ecs-vpc.cn-hangzhou.aliyuncs.com");

File Upload APIs (Advance)

For file upload APIs (e.g., Visual Intelligence), set both regionId and endpoint to the same region. Otherwise you may see timeouts due to cross-region OSS access:

config.setRegionId("cn-shanghai");
config.setEndpoint("objectdet.cn-shanghai.aliyuncs.com");
// For VPC file upload authorization:
client._openPlatformEndpoint = "openplatform-vpc.cn-shanghai.aliyuncs.com";

Synchronous vs Asynchronous

ModeSDK ArtifactWhen to Use
Synchronouscom.aliyun:{productCode}{version}Simple flows, low concurrency, easier debugging
Asynchronouscom.aliyun:alibabacloud-{productCode}{version}High concurrency/throughput, non-blocking I/O

Async example:

AsyncClient client = AsyncClient.builder()
    .region("cn-hangzhou")
    .credentialsProvider(provider)
    .overrideConfiguration(ClientOverrideConfiguration.create()
        .setEndpointOverride("ecs.cn-chengdu.aliyuncs.com"))
    .build();

CompletableFuture<DescribeRegionsResponse> response = client.describeRegions(request);
response.thenAccept(resp -> System.out.println(new Gson().toJson(resp)))
    .exceptionally(throwable -> { System.out.println(throwable.getMessage()); return null; });
// Always close async client when done
client.close();

Comments

Loading comments...