ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dataworks Daily Monitor

v1.0.0

每天统计并汇总昨日 DataWorks 任务运行状态,包括成功、失败、运行中数量及失败任务告警通知。

0· 104·1 current·1 all-time
by@alexmayanjun-collab

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alexmayanjun-collab/dataworks-daily-monitor.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Dataworks Daily Monitor" (alexmayanjun-collab/dataworks-daily-monitor) from ClawHub.
Skill page: https://clawhub.ai/alexmayanjun-collab/dataworks-daily-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dataworks-daily-monitor

ClawHub CLI

Package manager switcher

npx clawhub@latest install dataworks-daily-monitor
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (daily DataWorks monitoring) legitimately requires Alibaba Cloud credentials (AccessKey ID/Secret) and a project/region ID — these appear in SKILL.md and README. However, the registry metadata lists no required environment variables or a primary credential, which is inconsistent. The README also references sending reports via Feishu but the skill metadata does not declare any Feishu/webhook/token requirements.
!
Instruction Scope
SKILL.md instructs the agent to read ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, DATAWORKS_PROJECT_ID, and DATAWORKS_REGION_ID and to call DataWorks APIs for yesterday's range, then send reports via Feishu and '@' users on failure. The instructions do not specify how Feishu credentials or webhook URLs are provided or protected, nor do they explain precise mention/recipient handling. The README suggests storing keys in gateway config (~/.openclaw/openclaw.json) or shell rc, which could expose secrets if done insecurely.
Install Mechanism
No install spec or code files are included; this is instruction-only. That is a lower installation risk because nothing new is written to disk by an installer, but runtime behavior depends entirely on where credentials and delivery endpoints are configured in the agent environment.
!
Credentials
The sensitive env vars requested by the instructions (AL IYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET) are proportionate to calling DataWorks APIs, but they are not declared in the skill metadata. Also, the skill requires a Feishu delivery mechanism (token/webhook/user IDs) which is not declared at all. Advice in README to place keys into gateway config or shell rc increases risk if users store long-lived keys or use high-privilege accounts.
Persistence & Privilege
always is false (normal). The skill does not include install-time persistence or request system-wide configuration changes, nor does it claim to modify other skills. Autonomous invocation is allowed (platform default); combined with the above environment concerns, this increases potential blast radius but is not itself unusual.
What to consider before installing
This skill is plausible for DataWorks monitoring, but there are important inconsistencies and missing details you should resolve before installing: - The SKILL.md and README instruct reading ALIYUN_ACCESS_KEY_ID / ALIYUN_ACCESS_KEY_SECRET and DataWorks project/region, but the registry lists no required env vars — ask the author to update the metadata to explicitly list required secrets. - The skill plans to send reports via Feishu, but does not state how Feishu credentials/webhook/user IDs are supplied. Confirm the exact mechanism (Feishu bot token, webhook URL, or OIDC) and where those secrets are stored. - Never provide long-lived root account credentials. Use a RAM subaccount with the minimal permissions needed to call ListDagInstances/GetInstanceStatus and nothing else. - Avoid storing secrets in plaintext files like ~/.bashrc or an unencrypted openclaw.json. Prefer the platform's secret store or an encrypted config and rotate/revoke test keys after verifying behavior. - Because the skill can be invoked autonomously, ensure the keys you provide cannot be used to perform unrelated actions (enforce least privilege). Test with read-only or very narrowly scoped keys first. - Request or inspect runnable code (not just instructions) to verify how failures, recipient mentions, and report delivery are implemented and to confirm no unexpected data exfiltration occurs. If the author cannot clarify the missing Feishu configuration or update the declared env vars, treat the skill as untrusted and do not provide production credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9730sy9kra94tb4m0wvjpwe9983h9kx
104downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@alexmayanjun-collab
latest
Download

DataWorks 每日任务监控技能

功能

每日统计 DataWorks 任务运行情况,成功/失败汇总,失败任务告警

触发词

  • "检查 DataWorks 任务状态"
  • "昨天 DataWorks 任务运行情况"
  • "DataWorks 失败任务有哪些"
  • "dataworks 监控"
  • "任务运行日报"

执行流程

1. 读取配置

从环境变量读取:

  • ALIYUN_ACCESS_KEY_ID
  • ALIYUN_ACCESS_KEY_SECRET
  • DATAWORKS_PROJECT_ID
  • DATAWORKS_REGION_ID (默认:cn-shanghai)

2. 计算时间范围

获取昨天的时间范围:

  • Start: 昨天 00:00:00
  • End: 昨天 23:59:59

3. 调用 DataWorks API

ListDagInstances(
  ProjectId=PROJECT_ID,
  StartTime=start_time,
  EndTime=end_time
)

4. 统计任务状态

状态分类:

  • ✅ 成功 (SUCCESS, SUCCEEDED)
  • ❌ 失败 (FAILED, FAILURE)
  • ⏳ 运行中 (RUNNING, PENDING)
  • ❄️ 冻结/暂停 (FROZEN, FREEZED) - 不计入失败
  • ⏭️ 未运行 (NOT_RUN, SKIP, SKIPPED) - 不计入失败
  • 📊 其他

统计逻辑:

  • 实际运行数 = 成功 + 失败 + 运行中
  • 冻结/暂停/未运行的任务单独统计,不算失败

5. 生成报告

📊 DataWorks 任务日报 (2026-02-26)

✅ 成功:158 个
❌ 失败:3 个
⏳ 运行中:0 个
📋 总计:161 个

❌ 失败任务:
1. ods_user_info_df - 数据源连接超时
2. dwd_order_detail_di - 字段类型不匹配
3. ads_daily_report_di - 内存不足

详情:https://dataworks.console.aliyun.com/...

6. 发送报告

通过飞书发送给用户

7. 失败告警

如果有失败任务,@用户告警

API 配置

环境变量:

export ALIYUN_ACCESS_KEY_ID="your_access_key_id"
export ALIYUN_ACCESS_KEY_SECRET="your_access_key_secret"
export DATAWORKS_PROJECT_ID="your_project_id"
export DATAWORKS_REGION_ID="cn-shanghai"

核心 API

API功能
ListDagInstances获取指定日期的任务实例列表
GetInstanceStatus查询任务实例状态

报告格式

📊 DataWorks 任务日报 (YYYY-MM-DD)

✅ 成功:X 个
❌ 失败:X 个
⏳ 运行中:X 个
📋 总计:X 个

❌ 失败任务:
1. 任务名 - 错误信息
2. ...

详情链接:[DataWorks 控制台]

定时任务

时间: 每天上午 9:00 自动执行

触发词: dataworks-daily-check

注意事项

  1. 权限要求 - 需要有 DataWorks API 访问权限
  2. 配置安全 - AccessKey 不要泄露
  3. 失败告警 - 有失败任务时立即告警
  4. 报告保存 - 可选保存到文件

Comments

Loading comments...