ClawAudit verdict
alibabacloud-dms-skill
DMS database read/write skill that executes SQL via Alibaba Cloud DMS OpenAPI; executing SQL is the legitimate stated purpose of a database management skill, and credential handling follows standard secure patterns.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (6)
Possible hardcoded credential
references/acceptance-criteria.md · code · secret="8dXXXXXXXXXX
Pipe-to-shell pattern (curl | sh) — supply chain attack vector
SKILL.md · prose · downgraded · curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
Pipe to bash — executes piped content as shell commands
SKILL.md · prose · downgraded · | bash
Instructs covert action — may act without user awareness
references/acceptance-criteria.md · code · silently
References sudo — requests elevated privileges
references/cli-installation-guide.md · code · sudo
Python os.getenv — reads environment variable
references/acceptance-criteria.md · code · os.getenv(
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.