ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Pai Workspace

v1.0.0

Use when managing Alibaba Cloud PAI AIWorkspace (AIWorkSpace) via OpenAPI/SDK, including the user is operating AIWorkspace resources such as workspace/projec...

0· 7·0 current·0 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description match the included code and instructions: this is an Alibaba Cloud AIWorkSpace management helper. However, the SKILL.md clearly expects Alibaba Cloud credentials and a shared config path (~/.alibabacloud/credentials) while the registry metadata lists no required environment variables or primary credential. That mismatch between claimed runtime requirements and declared registry metadata is a coherence concern.
!
Instruction Scope
SKILL.md instructs the agent to use environment variables (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / optional ALICLOUD_REGION_ID) and an on-disk shared config file for credentials, to discover APIs, call SDK/OpenAPI, and write artifacts to output/aliyun-pai-workspace/. Those instructions are within the stated purpose, but they reference reading a user credentials file and environment variables not declared in the skill manifest — this is a scope/visibility mismatch that may affect permission handling and user consent.
Install Mechanism
No install spec and only a small Python script are included. The script uses Python stdlib urllib to fetch metadata from api.aliyun.com (an official-looking endpoint). No downloads or third-party packages are fetched at install/runtime by the skill itself.
!
Credentials
The runtime expects standard Alibaba Cloud credentials (access key id/secret and optional region) and suggests using least-privilege credentials, which is proportionate to cloud management tasks. The problem: the registry metadata declares no required env vars or primary credential, so platform-level prompts/permission controls may not present or enforce expected protections. The skill also references a user credentials file path (~/.alibabacloud/credentials) that isn't declared in required config paths.
Persistence & Privilege
always is false and the skill has no install steps that modify other skills or system settings. It writes output only under output/aliyun-pai-workspace/, which is confined to its own artifact directory; there is no indication of elevated or persistent privileges.
What to consider before installing
This skill otherwise looks coherent for managing Alibaba Cloud AIWorkspace, but there is an important metadata mismatch: SKILL.md expects ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET (and optionally ALICLOUD_REGION_ID) and may read ~/.alibabacloud/credentials, yet the registry entry does not declare these requirements. Before installing or running it: - Do not supply high-privilege credentials. Create and provide least-privilege (read-only or narrowly scoped) keys for inventory/metadata actions and a separate set for any mutating tasks. - Confirm you are comfortable with the skill reading ~/.alibabacloud/credentials or set the environment variables instead. - Because the skill's source/homepage is 'unknown', consider running the included Python script locally in a sandbox to inspect its behavior (it fetches API metadata from https://api.aliyun.com and writes to output/aliyun-pai-workspace/) before granting credentials. - Ask the publisher to update the registry metadata to explicitly list required env vars and primary credential so the platform can present correct permission prompts. If you can't confirm the author or update metadata, treat credential use as risky and avoid supplying production keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk976y7ax1tcmrq1wadj8kq4tx18412kb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Category: service

PAI AIWorkspace

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Platform for Artificial Intelligence PAI - AIWorkspace.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials

API discovery

  • Product code: AIWorkSpace
  • Default API version: 2021-02-04
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/aliyun-pai-workspace/

Validation

mkdir -p output/aliyun-pai-workspace
for f in skills/ai/platform/aliyun-pai-workspace/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-pai-workspace/validate.txt

Pass criteria: command exits 0 and output/aliyun-pai-workspace/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/aliyun-pai-workspace/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…