ClawAudit verdict

alibabacloud-lindorm-agent-skill

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

The skill seems to provide a comprehensive set of capabilities for managing and interacting with Alibaba Cloud Lindorm databases, and there's no evidence of malicious behavior.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
70
transparency
70
maintenance

Findings (7)

Pattern match critical

Possible hardcoded credential

references/01-dev/sql-client-guide.md · code · password = "your_password

Pattern match critical

Pipe to python — executes piped content as Python code

references/03-ref/lindorm-cli-guide.md · code · | python3

Pattern match high

Dynamic import() — loads module at runtime

references/01-dev/sql-client-guide.md · code · import ( "

Pattern match high

yum install — installs system packages

references/01-dev/sql-client-guide.md · code · yum install

Pattern match high

References sudo — requests elevated privileges

references/03-ref/cli-installation-guide.md · code · sudo

Pattern match medium

Instructs covert action — may act without user awareness

references/03-ref/lindorm-cli-guide.md · prose · downgraded · silently

Pattern match low

Popular HTTP library — network access

SKILL.md · prose · downgraded · got

Permissions & capabilities

Requires 1 system binary.

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API