ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alicloud Ai Content Aimiaobi

v1.0.3

Manage Alibaba Cloud Quan Miao (AiMiaoBi) via OpenAPI/SDK. Use whenever the user asks for Alibaba Cloud MiaoBi content operations, including listing resource...

0· 1.5k·3 current·4 all-time
by@cinience

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cinience/alicloud-ai-content-aimiaobi.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Alicloud Ai Content Aimiaobi" (cinience/alicloud-ai-content-aimiaobi) from ClawHub.
Skill page: https://clawhub.ai/cinience/alicloud-ai-content-aimiaobi
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install alicloud-ai-content-aimiaobi

ClawHub CLI

Package manager switcher

npx clawhub@latest install alicloud-ai-content-aimiaobi
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md clearly expects the agent to use Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optionally ALICLOUD_REGION_ID) or the shared config (~/.alibabacloud/credentials) to call SDK/OpenAPI. However, the registry metadata lists no required environment variables or primary credential. That inconsistency means the skill may need sensitive credentials even though the metadata doesn't declare them.
Instruction Scope
The instructions are generally scoped to discovering and calling Alibaba Cloud OpenAPI metadata and actual service APIs for AiMiaoBi. They instruct the agent to use SDKs/OpenAPI Explorer, prefer list/describe APIs for inventory, and to ask the user before mutating operations — which is appropriate. However, the agent is also instructed to include key parameters in evidence files and to write artifacts under output/, which will store resource identifiers and other context; this is expected but worth noting for sensitive data handling. The provided Python script only fetches public API metadata and does not access credentials.
Install Mechanism
There is no install spec; the skill is instruction-only with a small included Python script. The script makes an HTTPS GET to api.aliyun.com to fetch OpenAPI metadata and writes files under output/. No unusual downloads, archive extraction, or third-party package installs are present.
!
Credentials
The SKILL.md requires (and prioritizes) environment variables and a shared credentials file that contain highly sensitive secrets (Alibaba Cloud Access Key ID / Secret). The skill metadata does not declare these requirements. Requesting secret credentials is reasonable for a cloud-management skill, but the omission in the manifest is a mismatch that increases risk: users may not realize the skill will read or rely on secrets. Also, instructions to save evidence containing key parameters could inadvertently capture sensitive identifiers if not handled carefully.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide settings. disable-model-invocation is false (normal). The skill writes outputs only under its own output/ path per SKILL.md, which is appropriate.
What to consider before installing
This skill is for managing Alibaba Cloud AiMiaoBi and legitimately needs Alibaba Cloud credentials to perform SDK/API operations, but the skill's registry metadata does not declare those credentials — that's the main red flag. Before installing or running it: (1) Confirm with the publisher why required credentials are omitted from the metadata. (2) Inspect the included files locally (SKILL.md and scripts) — the provided script only fetches public API metadata and does not use secrets. (3) If you run the skill, supply least-privilege credentials (prefer read-only or narrow-scope temporary credentials) and consider running in a sandboxed account or environment. (4) Be cautious about storing or exposing output files; they may contain resource IDs or timestamps that you consider sensitive. (5) If you need mutating operations, require explicit user confirmation and audit logs. If the publisher can't justify the metadata omission, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vvepvqg1vt4tz2mb9gm3e982qak2
1.5kdownloads
0stars
4versions
Updated 11h ago
v1.0.3
MIT-0
@cinience
latest
Download

Category: service

Quan Miao

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Quan Miao.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials

API discovery

  • Product code: AiMiaoBi
  • Default API version: 2023-08-01
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-ai-content-aimiaobi/

Validation

mkdir -p output/alicloud-ai-content-aimiaobi
for f in skills/ai/content/alicloud-ai-content-aimiaobi/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-ai-content-aimiaobi/validate.txt

Pass criteria: command exits 0 and output/alicloud-ai-content-aimiaobi/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/alicloud-ai-content-aimiaobi/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md

Comments

Loading comments...