Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alicloud Backup Hbr

v1.0.3

Manage Alibaba Cloud Cloud Backup (HBR) via OpenAPI/SDK. Use whenever the user asks for backup lifecycle operations such as resource listing, policy/config u...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cinience/alicloud-backup-hbr.

Install the skill "Alicloud Backup Hbr" (cinience/alicloud-backup-hbr) from ClawHub.
Skill page: https://clawhub.ai/cinience/alicloud-backup-hbr
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install alicloud-backup-hbr

ClawHub CLI

npx clawhub@latest install alicloud-backup-hbr

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name, description, SKILL.md, references, and the included script all align with managing Alibaba Cloud HBR via OpenAPI/SDK and metadata discovery. The included script fetches API metadata from api.aliyun.com which is appropriate for this purpose. However, the package metadata lists no required environment variables or primary credential, while SKILL.md explicitly documents required Alibaba Cloud credentials and a shared config file — an omission in the registry metadata.
Instruction Scope
The SKILL.md gives specific, narrow runtime instructions: discover APIs, use SDK/OpenAPI Explorer, run the provided metadata script, and write outputs to output/alicloud-backup-hbr/. It asks to confirm region/ids and to ask the user before mutating operations. The instructions do not ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec. The single script performs simple HTTP GETs to official api.aliyun.com metadata endpoints and writes files to an output directory. No downloads from untrusted hosts or archive extraction are present.
Credentials
SKILL.md requires ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID, or the shared config at ~/.alibabacloud/credentials. Those credentials are proportionate to calling Alibaba Cloud APIs, but the registry metadata declares no required env vars or primary credential — this mismatch is a material inconsistency. The skill will need sensitive keys to perform mutations; the user should ensure least-privilege credentials are used and be aware that evidence files may include resource identifiers and parameters.
Persistence & Privilege
The skill is not set to always:true and does not request any special persistent system privileges. Model invocation is enabled (default), which is normal; there is no code that modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to do what it says (discover HBR OpenAPI metadata and guide SDK/API calls), but it documents needing Alibaba Cloud credentials while the registry metadata lists none. Before installing: (1) verify you are willing to provide ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET (use a least-privilege key scope), (2) confirm the skill will only write outputs under output/alicloud-backup-hbr/ and will not send data to unknown endpoints, (3) if you want to run mutating operations, ensure the agent asks you to confirm region/resource IDs (SKILL.md promises this), and (4) consider updating the registry metadata to declare the required env vars or only provide credentials interactively when needed. If you cannot supply controlled credentials or need assurance about auditing, treat this as untrusted until you validate its runtime behavior in a sandbox.

Like a lobster shell, security has layers — review code before you run it.

Latest: vk9740zagdgw6kx3rek3b6w8db982qbmj
1.2k downloads · 0 stars · 4 versions
Updated 11h ago
v1.0.3
MIT-0

Category: service

Cloud Backup

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Cloud Backup.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID
     Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials
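
The priority order above, written out as an added example (not code shipped with the skill): environment variables win, the shared file is the fallback, and the resolver reports which source supplied the key without ever printing the secret. The function names and the INI layout of the shared file (a `[default]` section with `access_key_id` / `access_key_secret`) are assumptions.

```python
import configparser
import os
import stat
from pathlib import Path

ENV_ID, ENV_SECRET, ENV_REGION = (
    "ALICLOUD_ACCESS_KEY_ID", "ALICLOUD_ACCESS_KEY_SECRET", "ALICLOUD_REGION_ID")
SHARED_FILE = "~/.alibabacloud/credentials"


def resolve_credentials(env=None, shared_file=SHARED_FILE, profile="default"):
    """Resolve an AccessKey in the documented order: environment, then shared file."""
    env = os.environ if env is None else env
    warnings = []
    # Region is an optional default; None tells the caller to decide or ask the user.
    result = {"region": env.get(ENV_REGION) or None, "warnings": warnings}
    key_id, secret = env.get(ENV_ID), env.get(ENV_SECRET)
    if key_id and secret:
        return {**result, "source": "env", "key_id": key_id, "secret": secret}
    if key_id or secret:
        warnings.append("only one AccessKey variable is set; ignoring the environment")

    path = Path(shared_file).expanduser()
    if path.is_file():
        # A secret readable by group/other is exposed to every local account.
        if stat.S_IMODE(path.stat().st_mode) & 0o077:
            warnings.append(f"{path} is accessible to group/other; restrict to 0600")
        # interpolation=None: a '%' inside a secret must not be parsed as a reference.
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(path)
        if parser.has_section(profile):  # section and key names are assumed
            key_id = parser.get(profile, "access_key_id", fallback="")
            secret = parser.get(profile, "access_key_secret", fallback="")
            if key_id and secret:
                return {**result, "source": "shared_file",
                        "key_id": key_id, "secret": secret}
    raise LookupError("no AccessKey in environment or shared config file")


def redact(key_id):
    """Mask a key ID for evidence files: keep the 4 leading characters only."""
    return key_id[:4] + "*" * max(len(key_id) - 4, 0)
```

Logging `source` and `redact(key_id)` into the evidence files identifies which key ran an operation without storing the secret alongside resource identifiers.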

API discovery

  • Product code: hbr
  • Default API version: 2017-09-08
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-backup-hbr/

Validation

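mkdir -p output/alicloud-backup-hbr
ok=1
for f in skills/backup/alicloud-backup-hbr/scripts/*.py; do
  # Record any compile failure instead of letting the loop mask it.
  python3 -m py_compile "$f" || ok=0
done
# Write the marker only when every script compiled; otherwise exit non-zero.
[ "$ok" -eq 1 ] && echo "py_compile_ok" > output/alicloud-backup-hbr/validate.txt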

Pass criteria: command exits 0 and output/alicloud-backup-hbr/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/alicloud-backup-hbr/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md
