The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches the Alibaba Cloud CLI installation script from 'https://aliyuncli.alicdn.com/setup.sh'. This is a standard vendor-provided resource for CLI setup. Additionally, it uses 'npx' to download and install skills from the 'aliyun' organization on GitHub and NPM.
[REMOTE_CODE_EXECUTION]: The instructions involve piping a remote shell script directly into 'bash' for CLI installation. It also utilizes 'npx skills add' and 'npx clawhub install' which download and execute remote packages at runtime to add new capabilities to the environment.
[COMMAND_EXECUTION]: The skill performs extensive shell command execution using the 'aliyun' CLI tool. This includes local profile management ('aliyun configure list'), plugin installation ('aliyun plugin install'), and API-based discovery tasks via the 'agentexplorer' plugin ('aliyun agentexplorer search-skills').
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and renders markdown content from an external registry using 'get-skill-content'. This risk is addressed by instructional guardrails requiring the agent to present search results and skill details for human review and confirmation before proceeding with any installation.
[CREDENTIALS_UNSAFE]: The skill implements best practices for credential management by explicitly prohibiting the reading, printing, or requesting of Access Keys or Secret Keys (AK/SK). It relies on existing local CLI profiles and environment variables for authentication.

alibabacloud-find-skills