ClawAudit verdict
alibabacloud-sls-query
Skill orchestrates Alibaba Cloud SLS log queries via the official aliyun CLI with explicit security rules prohibiting credential echoing; behavior matches its stated log-query purpose.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
References sudo โ requests elevated privileges
references/cli-installation-guide.md ยท code ยท sudo
Base64 encoding/decoding
references/functions/encoding.yaml ยท prose ยท downgraded ยท base64_encode
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.