alibabacloud-openclaw-ecs-dingtalk

SUSPICIOUS: The overall workflow matches the stated purpose, and most cloud/API calls go to official Alibaba endpoints, but the most sensitive step relies on an unverified remote install script that receives both the Bailian API key and DingTalk secret. That combination makes the skill materially risky even without clear evidence of malicious intent.