ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Cloudauth Verify

v1.0.0

Use when managing Alibaba Cloud ID Verification (Cloudauth) via OpenAPI/SDK, including the user is working on identity-verification resource operations, conf...

0· 76·0 current·0 all-time
by@cinience

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cinience/aliyun-cloudauth-verify.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Aliyun Cloudauth Verify" (cinience/aliyun-cloudauth-verify) from ClawHub.
Skill page: https://clawhub.ai/cinience/aliyun-cloudauth-verify
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aliyun-cloudauth-verify

ClawHub CLI

Package manager switcher

npx clawhub@latest install aliyun-cloudauth-verify
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included script all focus on Alibaba Cloud Cloudauth API discovery and management; the provided Python script fetches OpenAPI metadata from api.aliyun.com which is coherent with the stated purpose. Note: the skill's registry metadata lists no required env vars/credentials, but the SKILL.md explicitly expects Alibaba Cloud access keys and a shared config file — a documentation/metadata mismatch.
Instruction Scope
SKILL.md instructs the agent to prefer environment variables (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / optional ALICLOUD_REGION_ID) and to fall back to ~/.alibabacloud/credentials. This is reasonable for a cloud-management skill, but it means the agent will access local credentials/config files and may choose a region if the user doesn't provide one; that discretion is somewhat open-ended and should be limited for mutating operations (the doc does advise asking the user before mutating).
Install Mechanism
No install spec; skill is instruction-only with a small included Python script. No external downloads or package installs are performed by the skill itself, which keeps install risk low. The script makes network requests to official api.aliyun.com endpoints — expected for API discovery.
!
Credentials
The skill requires access to sensitive Alibaba Cloud credentials and a local credentials file according to SKILL.md, but the registry metadata lists no required environment variables or primary credential. Failing to declare these sensitive requirements is a meaningful omission: users and the platform should be aware this skill will access secrets and a home-directory config file.
Persistence & Privilege
always is false, the skill does not request persistent/autonomous elevated privileges, and it does not modify other skills or system-wide config. It writes artifacts only under an output/ subdirectory as described.
What to consider before installing
This skill appears to do what it says (fetch Cloudauth OpenAPI metadata) and the Python script is small and straightforward, but the SKILL.md expects your Alibaba Cloud access keys or a ~/.alibabacloud/credentials file even though the registry metadata does not declare any required credentials. Before installing or running it: (1) Inspect the script and SKILL.md yourself (you already have them) — the script only fetches metadata from api.aliyun.com. (2) Only provide Alibaba Cloud credentials with least-privilege keys and prefer using temporary or scoped credentials. (3) If you don't want the agent to access credentials autonomously, avoid enabling autonomous invocation or run the script manually in a controlled environment. (4) Ask the publisher (or require an updated registry entry) to explicitly declare required env vars/primary credential so the platform can surface the sensitive requirement to users.

Like a lobster shell, security has layers — review code before you run it.

latestvk972x73w3cfdzkxfse6agw9grd843e52
76downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@cinience
latest
Download

Category: service

ID Verification (Cloudauth)

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for ID Verification.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials

API discovery

  • Product code: Cloudauth
  • Default API version: 2022-11-25
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/aliyun-cloudauth-verify/

Validation

mkdir -p output/aliyun-cloudauth-verify
for f in skills/security/identity/aliyun-cloudauth-verify/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-cloudauth-verify/validate.txt

Pass criteria: command exits 0 and output/aliyun-cloudauth-verify/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/aliyun-cloudauth-verify/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md

Comments

Loading comments...