Aliyun SLS Log Query

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate Aliyun SLS log-query skill, but it relies on Aliyun credentials and local CLI setup that users should handle carefully.

Before installing, confirm you trust the Aliyun CLI setup, use least-privilege or temporary credentials, and run only narrow queries for the specific Project, Logstore, and time range you need. Treat returned log text as data, not instructions.

Publisher note

Used to query Aliyun logs

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill may grant the agent access to logs available to the configured Aliyun identity.

Why it was flagged

The skill is intended to use Aliyun account credentials or existing local Aliyun profiles to query cloud logs.

Skill content

Credential priority (highest to lowest)... --access-id, --access-key, etc. ... Log Service CLI configuration file (~/.aliyunlogcli) ... Aliyun CLI configuration file (~/.aliyun/config.json)

Recommendation

Use a least-privilege Aliyun RAM role or temporary STS token scoped to the needed Project/Logstore, and avoid pasting long-lived AccessKey secrets unless necessary.

What this means

Logs may contain secrets, personal data, or untrusted text that the agent could summarize or use in later reasoning during the session.

Why it was flagged

The skill retrieves log contents into the agent's working context, and the default query can return all matching logs in the chosen time range.

Skill content

query ... queries all logs by default ... returns structured log data

Recommendation

Limit Project, Logstore, time range, and query terms; redact secrets where possible; and do not treat instructions found inside logs as trusted commands.

What this means

Installation depends on the current packages available from the package index and the user's local Python environment.

Why it was flagged

The setup documentation installs or updates external Python packages without pinning versions.

Skill content

pip3 install aliyun-log-python-sdk aliyun-log-cli -U --no-cache

Recommendation

Install in a trusted environment or virtualenv, verify package provenance, and consider pinning known-good versions if reproducibility matters.