alicloud-observability-openclaw-sls-integration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the LoongCollector installation script from an official Alibaba Cloud Object Storage Service (OSS) endpoint (
aliyuncs.com). This is a well-known and trusted service domain for this cloud provider. - [REMOTE_CODE_EXECUTION]: Executes a downloaded shell script (
loongcollector.sh) to perform the agent installation on the host system. The script is sourced directly from the vendor's verified infrastructure. - [COMMAND_EXECUTION]: Utilizes
sudofor administrative tasks including package management (apt-get,yum, etc.), directory creation in system paths (/etc/ilogtail), and managing log collector services. These operations are restricted to the configuration of the observability stack as described in the skill's purpose. - [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive environment variables (
ALIBABA_CLOUD_ACCESS_KEY_ID,ALIBABA_CLOUD_ACCESS_KEY_SECRET) by exporting them for use by the officialaliyunCLI without hardcoding or logging them.
Audit Metadata