ClawAudit verdict
ccai-conversation-analysis
intelligent-conversation-analysis
Alibaba Cloud CCAI conversation analysis skill that processes customer service transcripts; requires explicit user confirmation before executing (BLOCKING steps), reads user-provided env vars for Alibaba Cloud credentials, and sends data only to the declared Alibaba Cloud API endpoint.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (1)
Possible hardcoded credential
SKILL.md ยท code ยท SECRET="your-access-key-secret
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.