sdk-team

Alibabacloud Dsc Audit

Author: alibabacloud-skills-team · GitHub ↗ · v0.0.2 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 106
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install alibabacloud-dsc-audit
Description
Query and handle security risk events from Alibaba Cloud Data Security Center. Supports viewing the list of unprocessed risk events and performing manual han...
Usage Instructions (SKILL.md)

Alibaba Cloud Data Security Center Risk Event Query and Handling

This skill uses Alibaba Cloud Python Common SDK (generic invocation) to query security risk events from the Data Security Center and handle them.

Architecture

User → Python Common SDK → Data Security Center (Sddp) API
                              ├── DescribeRiskRules (Query risk events)
                              └── PreHandleAuditRisk (Handle risk events)

Installation

pip3 install -r scripts/requirements.txt

Or install packages individually:

pip3 install alibabacloud_tea_openapi==0.4.3 alibabacloud_credentials==1.0.8 alibabacloud_tea_util==0.3.14 alibabacloud_openapi_util==0.2.4

[MUST] CLI User-Agent — Every aliyun CLI command invocation must include: --user-agent AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit

Pre-check: Aliyun CLI >= 3.3.3 required. Run aliyun version to verify >= 3.3.3. If not installed or version too low, run curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash to update, or see references/cli-installation-guide.md for installation instructions.

Pre-check: Aliyun CLI plugin update required. [MUST] Run aliyun configure set --auto-plugin-install true to enable automatic plugin installation. [MUST] Run aliyun plugin update to ensure that any existing plugins are always up-to-date.

At the start of the Core Workflow (before any CLI invocation): [MUST] Enable AI-Mode — AI-mode is required for Agent Skill execution. Run the following commands before any CLI invocation:

aliyun configure ai-mode enable
aliyun configure ai-mode set-user-agent --user-agent "AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit"

[MUST] Disable AI-Mode at EVERY exit point — Before delivering the final response for ANY reason, always disable AI-mode first. This applies to ALL exit paths: workflow success, workflow failure, error/exception, user cancellation, session end, or any other scenario where no further CLI commands will be executed. AI-mode is only used for Agent Skill invocation scenarios and MUST NOT remain enabled after the skill stops running.

aliyun configure ai-mode disable

Authentication

Pre-check: Alibaba Cloud Credentials Required

Security Rules:

  • NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
  • NEVER ask the user to input AK/SK directly in the conversation or command line
  • NEVER use aliyun configure set with literal credential values
  • ONLY use aliyun configure list to check credential status

aliyun configure list

Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.

  1. Obtain credentials from Alibaba Cloud Console
  2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
  3. Return and re-run after aliyun configure list shows a valid profile

RAM Permissions

Before using this skill, ensure the current user has the required RAM permissions. For detailed permission lists and policy configurations, refer to references/ram-policies.md

Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, instance names, CIDR blocks, passwords, domain names, resource specifications, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

| Parameter | Required/Optional | Description | Default |
| --- | --- | --- | --- |
| CurrentPage | Optional | Current page number | 1 |
| PageSize | Optional | Records per page | 10 |
| HandleStatus | Optional | Processing status, PROCESSED means handled, UNPROCESSED means not handled | UNPROCESSED |
| RiskId | Required for handling | Risk event ID | - |
| HandleDetail | Required for handling | Handling details description | - |

Core Workflow

Step 1: Query Unprocessed Security Risk Events

Use the scripts/query_risk.py script to query unprocessed security risk events. This is a paginated API that returns the first 20 records by default.

python3 scripts/query_risk.py

Example output:

Found 31 unprocessed security risk events
================================================================================
Risk ID: 75110196
Rule Name: jiangyu_test_mysqldump
Risk Level: High Risk
Product Type: RDS
Alert Count: 20
Asset Count: 2
Rule Category: Database Dump Attack
--------------------------------------------------------------------------------

Query Result Field Descriptions

The query results return the following key fields. Risk Event ID (RiskId) is a required parameter for handling:

| Field | Description |
| --- | --- |
| RiskId | Risk event ID, required for handling |
| RuleName | Rule name |
| WarnLevelName | Risk level (High Risk/Medium Risk/Low Risk) |
| ProductCode | Product type (RDS/OSS, etc.) |
| AlarmCount | Alert count |
| InstanceCount | Number of affected assets |
| FirstAlarmTime | First discovery time |
| LastAlarmTime | Last discovery time |

Step 2: Handle Security Risk Events

Use the scripts/handle_risk.py script to handle specified risk events.

python3 scripts/handle_risk.py <RiskID> <HandleDetail>

Example:

python3 scripts/handle_risk.py 75110196 "Confirmed as false positive, closing this alert"

Example output:

Handling risk event...
Risk ID: 75110196
Handle Detail: Confirmed as false positive, closing this alert
--------------------------------------------------
✅ Handling successful!
RequestId: C34D813F-A234-5D66-842D-504D84D5C680

Handling Parameter Descriptions

| Parameter | Description |
| --- | --- |
| RiskId | Risk event ID, obtained from DescribeRiskRules API |
| HandleType | Handling type, fixed as Manual (manual handling) |
| HandleMethod | Handling method, fixed as 0 |
| HandleDetail | Handling details, requires user to input specific handling description |

Success Verification

Verify Query Operation

  1. After executing the query code, check if the returned statusCode is 200
  2. Check if the returned body contains the Items list
  3. Verify that TotalCount matches the actual number of returned records

Verify Handling Operation

  1. After executing the handling code, check if the returned statusCode is 200
  2. Call DescribeRiskRules again to query the RiskId and confirm the status has changed

Cleanup

This skill is primarily used for query and handling operations, does not involve resource creation, and requires no cleanup.

API and Command Reference

| Product | API Action | Script | Description |
| --- | --- | --- | --- |
| Sddp | DescribeRiskRules | scripts/query_risk.py | Query security risk events |
| Sddp | PreHandleAuditRisk | scripts/handle_risk.py | Handle security risk events |

Script Usage

| Script | Usage | Description |
| --- | --- | --- |
| query_risk.py | python3 scripts/query_risk.py | Execute directly, no parameters required |
| handle_risk.py | python3 scripts/handle_risk.py <RiskID> <HandleDetail> | Requires Risk ID and handling description |

For detailed API information, refer to references/related-apis.md

Best Practices

  1. Paginated Query: When using paginated APIs, increment the CurrentPage parameter until all records are retrieved
  2. Record RiskId: The RiskId in query results is a required parameter for handling operations; make sure to record it
  3. Handle Description: Provide a clear HandleDetail description when handling for subsequent auditing
  4. Error Handling: Implement retry mechanisms for temporary errors like Throttling
  5. Credential Security: Use CredentialClient to manage credentials, do not hardcode AK/SK
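
The pagination, Throttling retry and TotalCount checks from the Best Practices and Success Verification lists, combined in one loop. This is an added example, not the skill's query_risk.py: call_api is a hypothetical wrapper around the SDK call, ThrottlingError stands in for however the SDK reports Throttling, the response shape is assumed from the field names on this page, and make_fake_api is a constructed in-memory backend.

```python
import time

class ThrottlingError(Exception):
    """Stand-in for an SDK error whose code is Throttling (assumed mapping)."""

def fetch_all_risks(call_api, page_size=10, max_retries=3, base_delay=0.5, sleep=time.sleep):
    """Collect every unprocessed risk event, retrying throttled pages.
    call_api(params) is hypothetical: returns {"statusCode": int, "body": {...}}."""
    items, page, total = [], 1, None
    while total is None or len(items) < total:
        params = {"CurrentPage": page, "PageSize": page_size,
                  "HandleStatus": "UNPROCESSED"}
        for attempt in range(max_retries + 1):
            try:
                resp = call_api(params)
                break
            except ThrottlingError:
                if attempt == max_retries:
                    raise                              # give up, surface the error
                sleep(base_delay * 2 ** attempt)       # exponential backoff
        if resp.get("statusCode") != 200:
            raise RuntimeError(f"page {page}: statusCode {resp.get('statusCode')}")
        total = resp["body"]["TotalCount"]
        batch = resp["body"].get("Items") or []
        if not batch:   # empty page before TotalCount was reached: stop, do not spin
            break
        items.extend(batch)
        page += 1
    ids = {item["RiskId"] for item in items}
    if len(items) != total or len(ids) != len(items):
        raise RuntimeError(f"TotalCount={total}, got {len(items)} records, "
                           f"{len(ids)} unique RiskIds")
    return items

def make_fake_api(n_events, throttle_on_calls=()):
    """Constructed in-memory backend; RiskIds and rule names are made up."""
    events = [{"RiskId": 1000 + i, "RuleName": f"rule-{i}"} for i in range(n_events)]
    state = {"calls": 0}
    def call_api(params):
        state["calls"] += 1
        if state["calls"] in throttle_on_calls:
            raise ThrottlingError("Throttling")
        start = (params["CurrentPage"] - 1) * params["PageSize"]
        page = events[start:start + params["PageSize"]]
        return {"statusCode": 200, "body": {"TotalCount": n_events, "Items": page}}
    return call_api, state
```

A TotalCount mismatch or a duplicate RiskId raises instead of returning a partial list, so a later handling step never works from an incomplete view of open events.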

Reference Links

| Reference Document | Description |
| --- | --- |
| references/related-apis.md | API detailed documentation |
| references/ram-policies.md | RAM permission configuration |
| references/cli-installation-guide.md | CLI installation guide |
| references/acceptance-criteria.md | Acceptance criteria |
| Generic Invocation Documentation | Alibaba Cloud Python SDK generic invocation documentation |

Important Notes

Warning: This skill only uses the Data Security Center's DescribeRiskRules and PreHandleAuditRisk APIs. If these two APIs cannot be found, report an error. Do NOT call other OpenAPIs without authorization. Do not use Alibaba Cloud CLI tools to call APIs.

Security Usage Recommendations
This skill's code appears to implement only the two DSC APIs it claims and uses official Alibaba SDK packages — that part is coherent. However: (1) the registry metadata omits that Alibaba credentials are required; expect to provide AK/SK, STS, or use an instance RAM role. (2) SKILL.md asks you to enable 'AI-mode' in the Aliyun CLI and to allow automatic plugin installation and to run a curl|bash installer from alicdn.com. These CLI changes persist and could allow the CLI to download/execute plugins; only proceed if you trust both the skill publisher and your environment. Recommendations before installing: run the Python scripts in an isolated environment (virtualenv/container); inspect the two Python files yourself (they are small and readable); avoid running curl | bash unless you verify the script contents; do not enable auto-plugin-install unless necessary — prefer manual plugin updates; grant the minimal RAM permissions (yundun-sddp:DescribeRiskRules and/or PreHandleAuditRisk) and use short-lived STS or scoped RAM user keys; ensure you can and will disable AI-mode after use; if possible ask the publisher for provenance (homepage, owner identity, code signing) to increase confidence.
Functional Analysis
Type: OpenClaw Skill
Name: alibabacloud-dsc-audit
Version: 0.0.2

The skill bundle is a legitimate tool for managing Alibaba Cloud Data Security Center (DSC) risk events. The Python scripts (handle_risk.py, query_risk.py) use the official Alibaba Cloud SDK to interact with the Sddp service and include robust input validation and sanitization for parameters like RiskId and HandleDetail. The documentation (SKILL.md) explicitly includes security best practices, such as forbidding the agent from echoing or requesting access keys. While it mentions a 'curl|bash' installation method for the Aliyun CLI, it points to the official Alibaba Cloud domain (alicdn.com) and is a standard procedure for that tool.
Capability Tags
requires-wallet, requires-oauth-token, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description and included Python code are coherent: the two scripts use Alibaba Cloud Common SDK to call DescribeRiskRules and PreHandleAuditRisk, which matches the stated purpose. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and code implicitly require valid Alibaba Cloud credentials (AK/SK, STS, or instance role). The documentation also mandates CLI AI-mode and plugin configuration even though the provided runtime is the Python SDK, creating an unnecessary coupling to the 'aliyun' CLI.
Instruction Scope
SKILL.md instructs the user/agent to enable 'AI-mode', set a custom CLI user-agent, and enable auto-plugin-install and plugin updates. These commands modify local CLI configuration and can cause automatic plugin downloads. The skill also recommends installing the Aliyun CLI via a curl | bash install script if missing. While the scripts themselves only call Alibaba endpoints, the instructions expand scope to modifying system CLI behavior and installing remote code, which is outside the minimal scope of querying/handling DSC events.
Install Mechanism
There is no formal install spec (instruction-only), and Python dependencies are limited to Alibaba Cloud SDK packages listed in requirements.txt (traceable PyPI packages). The CLI install guidance points to Alibaba's official CDN (alicdn.com) which is expected for aliyun CLI, but it suggests executing a remote setup script (curl | bash) and moving binaries into PATH — operations that write to disk and execute code from the network. This increases install risk compared to pure instruction-only skills.
Credentials
The skill does not declare required environment variables in its registry metadata, yet SKILL.md and the Python code require valid Alibaba Cloud credentials (AK/SK, STS, or ECS RAM role) and region/configuration to function. That omission is an incoherence. The requested permissions in references/ram-policies.md are minimal and appropriate for the task (DescribeRiskRules and PreHandleAuditRisk), but the metadata should explicitly state credential requirements so users understand the secret access needed.
Persistence & Privilege
The skill is not set to always:true (good) and does not request persistent system-wide privileges. However, SKILL.md instructs changing CLI settings to enable AI-mode and set auto-plugin-install, which persist across sessions and can allow automatic plugin installation from remote sources. The document insists the user must disable AI-mode on exit, but this relies on correct execution and is fragile; accidental retention of AI-mode or auto-plugin-install increases risk.
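
One way to make the "disable AI-mode at every exit point" rule hold without relying on each exit path remembering it, as an added example that is not part of the skill: a context manager that runs the three aliyun configure ai-mode commands from SKILL.md with the disable step in a finally block. run_cli, ai_mode and demo are hypothetical names; demo is a constructed dry run that records commands instead of invoking the CLI.

```python
import signal
import subprocess
import threading
from contextlib import contextmanager

USER_AGENT = "AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit"  # value from SKILL.md

def run_cli(args):
    """Run one aliyun CLI command; raises CalledProcessError on a non-zero exit."""
    subprocess.run(["aliyun", *args], check=True)

def _raise_exit(signum, frame):
    raise SystemExit(128 + signum)  # turn SIGTERM into an exception so finally runs

@contextmanager
def ai_mode(run=run_cli):
    """Enable AI-mode for the body of the with-block; disable it on every exit."""
    in_main = threading.current_thread() is threading.main_thread()
    previous = signal.signal(signal.SIGTERM, _raise_exit) if in_main else None
    try:
        run(["configure", "ai-mode", "enable"])
        run(["configure", "ai-mode", "set-user-agent", "--user-agent", USER_AGENT])
        yield
    finally:
        try:
            # Attempted unconditionally, even if enabling failed part-way, and on
            # success, exception, KeyboardInterrupt and SystemExit alike.
            run(["configure", "ai-mode", "disable"])
        finally:
            if previous is not None:
                signal.signal(signal.SIGTERM, previous)  # restore the old handler

def demo(body_fails=False):
    """Constructed dry run: records the commands instead of invoking the CLI."""
    log = []
    try:
        with ai_mode(run=lambda args: log.append(" ".join(args))):
            if body_fails:
                raise RuntimeError("simulated workflow failure")
    except RuntimeError:
        pass
    return log
```

SIGKILL and a host crash still bypass the finally block, and the auto-plugin-install setting is not touched here, so checking both settings after a session remains worthwhile.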
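How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install alibabacloud-dsc-audit
  3. Once installed, call the Skill by name or trigger it with /alibabacloud-dsc-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History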
v0.0.2
**Summary: CLI AI-mode, User-Agent, and plugin upgrade requirements enforced.**
  • Requires Aliyun CLI version >= 3.3.3 (was >= 3.3.1).
  • All CLI invocations must set User-Agent to "AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit".
  • AI-mode must be enabled before workflow begins and disabled at every exit point.
  • Users must update/install plugins via `aliyun plugin update` and set `--auto-plugin-install true`.
  • SKILL.md and CLI install guide updated with these new steps and requirements.
v0.0.1
Initial release of alibabacloud-dsc-audit skill.
  • Enables querying and manual handling of security risk events from Alibaba Cloud Data Security Center using Python Common SDK.
  • Provides scripts to list unprocessed risk events and perform manual handling operations.
  • Includes security best practices for credentials and user parameter confirmation.
  • Instructions for installation, authentication, permissions, workflow, and result verification included in documentation.
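Metadata
Slug alibabacloud-dsc-audit
Version 0.0.2
License MIT-0
Total installs 0
Current installs 0
Number of versions 2
FAQ

What is Alibabacloud Dsc Audit?

Query and handle security risk events from Alibaba Cloud Data Security Center. Supports viewing the list of unprocessed risk events and performing manual han... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 106 total downloads to date.

How do I install Alibabacloud Dsc Audit?

Run the command "/install alibabacloud-dsc-audit" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Alibabacloud Dsc Audit free?

Yes. Alibabacloud Dsc Audit is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Alibabacloud Dsc Audit support?

Alibabacloud Dsc Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Alibabacloud Dsc Audit?

Developed and maintained by alibabacloud-skills-team (@sdk-team); the current version is v0.0.2.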
