alibabacloud-sas-openclaw-security

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the Alibaba Cloud environment by invoking the local aliyun CLI tool through subprocess.run in scripts/base_client.py. This is standard practice for infrastructure management skills.
  • [REMOTE_CODE_EXECUTION]: The skill provides capabilities to execute shell commands on remote ECS instances via the Cloud Assistant service (scripts/ecs_client.py). This is a documented administrative feature intended for security remediation and system maintenance.
  • [REMOTE_CODE_EXECUTION]: A robust security filtering mechanism is implemented in scripts/run_cloud_assistant_command.py via the _BLOCKED_PATTERNS list. This blocklist proactively prevents the execution of high-risk commands such as root-level deletions, firewall disabling, and reverse shell creation.
  • [EXTERNAL_DOWNLOADS]: The scripts/install_security_guardrail.py script fetches a configuration command from the vendor's official AISC API (aisc.cn-shanghai.aliyuncs.com) and executes it. This is a trusted operation within the vendor's ecosystem.
  • [SAFE]: Heuristic detections of malicious URLs and shell patterns by automated scanners are confirmed false positives. These strings are present only as documentation examples and regex patterns within the skill's security blocklist logic.
  • [SAFE]: Cloud credentials are handled securely by relying on the system-wide aliyun CLI configuration (~/.aliyun/config.json) rather than hardcoding sensitive tokens within the skill's source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 11:07 AM