Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Adb Mysql

v1.0.0

Use when managing Alibaba Cloud AnalyticDB for MySQL (ADB) via OpenAPI/SDK, including the user needs AnalyticDB resource lifecycle and configuration operatio...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
Name, description, references, and the included script all align with managing Alibaba Cloud AnalyticDB for MySQL via OpenAPI. However, the registry metadata declares no required environment variables or config paths while the SKILL.md explicitly requires Alibaba Cloud credentials and a shared config path (~/.alibabacloud/credentials). This mismatch is unexpected and inconsistent.
! Instruction Scope
SKILL.md instructs the agent to use environment variables (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / optional ALICLOUD_REGION_ID) or the shared credentials file and to write artifacts under output/aliyun-adb-mysql/. Those instructions are limited to the ADB management purpose (API discovery and evidence saving). The concern is the instructions reference credentials/config paths that are not declared in the skill metadata and instruct saving 'key parameters' into evidence files (which could be misinterpreted to include sensitive info) — the scope is otherwise appropriate.
Install Mechanism
Instruction-only skill with no install step. The included Python script only performs safe HTTP GETs to public API metadata endpoints (api.aliyun.com) and writes JSON/MD under an output directory. No downloads, no extracted archives, and no additional packages are installed.
! Credentials
The credentials the SKILL.md requires (Alibaba Cloud access key ID/secret and optional region) are reasonable for the stated purpose. However, the skill metadata declares no required env vars or config paths and lists no primary credential — that discrepancy is problematic because the agent/platform cannot surface or validate the needed secrets before enabling the skill. Also, SKILL.md asks to use ~/.alibabacloud/credentials but that path is not declared in required config paths.
Persistence & Privilege
Skill is not always-enabled and is user-invocable (normal). It does not request persistent privileges or alter other skills/configuration. No other privilege concerns observed.
What to consider before installing
This skill appears to do what it says (discover ADB OpenAPI metadata and help call ADB APIs) and the included script only fetches public API metadata from api.aliyun.com. However, SKILL.md requires Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET) and a shared credentials file path, but the package metadata lists no required env vars or config paths — an inconsistency you should resolve before use.

Recommendations before installing or running:

  1. Require and provide a least-privilege Alibaba Cloud API key pair scoped to the necessary ADB operations (do not use full admin keys).
  2. Inspect the ~/.alibabacloud/credentials file and the outputs written to output/aliyun-adb-mysql/ to ensure no secrets are being saved.
  3. If you need to allow this skill to run automatically, first update metadata to declare required env vars/config paths so the platform can prompt for them; otherwise treat it as a manual, user-invoked helper.
  4. Run the script in a controlled/non-production environment first to confirm expected behavior and network access to api.aliyun.com.

If the publisher updates the registry metadata to properly declare required credentials and config paths, the inconsistency concern would be resolved.


SKILL.md

Category: service

AnalyticDB for MySQL

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for AnalyticDB for MySQL.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID
     Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials
  2. Shared config file: ~/.alibabacloud/credentials

API discovery

  • Product code: adb
  • Default API version: 2021-12-01
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/aliyun-adb-mysql/

Validation

mkdir -p output/aliyun-adb-mysql
for f in skills/database/analyticdb/aliyun-adb-mysql/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-adb-mysql/validate.txt

Pass criteria: command exits 0 and output/aliyun-adb-mysql/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/aliyun-adb-mysql/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.
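One way to check that evidence files under output/aliyun-adb-mysql/ never contain the credentials the skill reads, as the scan recommends. This is an added example, not part of the skill or its script; the function names are hypothetical, the sample key values are constructed, and the INI layout of the shared credentials file (access_key_id / access_key_secret keys) is an assumption.

```python
import configparser
import os
import tempfile
from pathlib import Path

# Variable names and paths below are the ones SKILL.md names.
ENV_SECRETS = ("ALICLOUD_ACCESS_KEY_ID", "ALICLOUD_ACCESS_KEY_SECRET")
CREDENTIALS_FILE = Path.home() / ".alibabacloud" / "credentials"
OUTPUT_DIR = Path("output/aliyun-adb-mysql")

def collect_secrets(env, credentials_file):
    """Map a label to every credential value the skill could have read."""
    secrets = {name: env[name] for name in ENV_SECRETS if env.get(name)}
    if credentials_file.is_file():
        # Assumption: the shared file is INI with access_key_id / access_key_secret keys.
        ini = configparser.ConfigParser(interpolation=None)
        ini.read(credentials_file, encoding="utf-8")
        for section in ini.sections():
            for key in ("access_key_id", "access_key_secret"):
                value = ini[section].get(key, "").strip()
                if value:
                    secrets[f"{credentials_file.name}[{section}].{key}"] = value
    return secrets

def find_leaks(output_dir, secrets):
    """Return (relative path, label) pairs for files containing a secret value."""
    leaks = []
    for path in sorted(p for p in output_dir.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for label, value in secrets.items():
            if value.encode() in data:
                leaks.append((path.relative_to(output_dir).as_posix(), label))
    return leaks

def demo():
    """Run the check on constructed evidence files with constructed key values."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "output" / "aliyun-adb-mysql"
        out.mkdir(parents=True)
        (out / "validate.txt").write_text("py_compile_ok\n")
        (out / "evidence.md").write_text("region: cn-hangzhou\nsecret: EXAMPLE-SECRET-VALUE\n")
        fake_env = {ENV_SECRETS[0]: "EXAMPLE-KEY-ID", ENV_SECRETS[1]: "EXAMPLE-SECRET-VALUE"}
        return find_leaks(out, collect_secrets(fake_env, Path(tmp) / "no-credentials"))

if __name__ == "__main__":
    for rel, label in find_leaks(OUTPUT_DIR, collect_secrets(os.environ, CREDENTIALS_FILE)):
        print(f"LEAK {label} in {OUTPUT_DIR / rel}")
```

Run it after the skill has written its artifacts; any printed LEAK line means the named credential should be rotated and the file removed.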

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md
