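Security scan
OpenClaw
Safe
medium confidence: The skill works as claimed, wrapping Alibaba Cloud CLI calls to the DAS YaoChi agent for PolarDB diagnostics; the access and operations it requires are broadly proportionate, and a few minor operational caveats should be verified before use.
Assessment recommendations
The skill is logically consistent: it wraps the official Alibaba Cloud CLI to call the DAS YaoChi (PolarDB diagnostics) API, using existing Alibaba Cloud credentials.
Before installing or using it:
1) Inspect the included script (scripts/call_yaochi_agent.sh) yourself; it is self-contained and readable.
2) Prefer installing the aliyun CLI and DAS plugin from vendor packages you have reviewed rather than blindly executing a remote install script.
3) Do not supply root account keys; create a RAM user or role granted only the minimum permissions (das:GetYaoChiAgent, das:GetDasAgentSSE / appropriate read-only permissions).
4) Be cautious with the global `aliyun --auto-plugin-install`: it can cause the CLI to install plugins automatically.
5) If you need stricter isolation, run the tool in a disposable environment/container, using temporary STS tokens or an assumed role.
If you wish, I can point out the exact lines in the script where credentials are used and the CLI command is built, or help you craft a least-privilege RAM policy for your use case.
Detailed analysis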
ℹ Purpose and capabilities
Name/description match the included script and docs: the skill invokes aliyun CLI DAS GetYaoChiAgent/GetDasAgentSSE to perform PolarDB diagnostics. This purpose justifies requiring the user's existing Alibaba Cloud CLI configuration and DAS plugin. Minor inconsistency across files about CLI parameter casing (some docs show PascalCase API name, script uses kebab-case plugin command); this is likely an implementation detail (plugin vs. traditional API invocation) rather than malicious, but you may want to confirm which CLI/plugin version is expected in your environment.
ℹ Instruction scope
SKILL.md + call_yaochi_agent.sh stick to the stated domain: building CLI arguments, invoking the DAS agent, streaming/parsing responses. The script reads user-provided queries (or stdin) and uses existing aliyun CLI credentials (~/.aliyun config or env vars) for auth. It does not attempt to read unrelated local files or post data to third-party endpoints. The instructions explicitly require confirming user parameters before execution (good).
ℹ Install mechanism
No packaged install; the README suggests installing the official aliyun CLI and DAS plugin from aliyuncli.alicdn.com and installing jq via package manager. These are vendor-hosted endpoints (not random IPs), which is reasonable, but the docs recommend piping a remote install script (curl ... | bash) and enabling automatic plugin installation — both are operational choices with some risk. Recommend auditing the vendor install script and opting to install manually if you prefer.
ℹ Credential requirements
The skill does not declare required env vars but relies on existing aliyun CLI credentials (AK/SK, STS, RAM role, or ECS role) or environment variables like ALIBABA_CLOUD_ACCESS_KEY_ID. That is proportional for a CLI wrapper, but it means the tool will run with whatever IAM privileges your configured credentials provide — follow least-privilege practices (use read-only or minimal das:GetYaoChiAgent / das:GetDasAgentSSE permissions) and avoid using root account credentials.
✓ Persistence and privileges
The skill is instruction-only plus a single script and does not request permanent platform-level privileges. always:false. It does recommend setting aliyun config --auto-plugin-install true which changes CLI behavior (auto-installing plugins); that is an operational preference rather than a platform privilege request from the skill itself.
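Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v0.0.1 2026/4/3
Initial release of the Alibaba Cloud PolarDB AI Assistant.
- Provides intelligent O&M for PolarDB MySQL/PostgreSQL clusters, including diagnostics and analysis via the get-yao-chi-agent API through the aliyun CLI DAS plugin.
- Supports a broad range of capabilities: cluster management, performance diagnostics, parameter tuning, slow SQL analysis, backup/restore, primary/replica switchover analysis, security auditing, and more.
- Requires Aliyun CLI >= 3.3.1 and the DAS plugin; includes clear setup and authentication instructions.
- Emphasizes explicit user confirmation of all customizable parameters before any operation.
- Contains no resource creation or destructive operations; focuses on diagnostic and query workflows.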
● Pending
Install command
Official: `npx clawhub@latest install alibabacloud-polardb-ai-assistant`
Mirror (accelerated): `npx clawhub@latest install alibabacloud-polardb-ai-assistant --registry https://cn.longxiaskill.com`
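Skill documentation
This skill focuses on intelligent O&M for Alibaba Cloud PolarDB MySQL/PostgreSQL databases, using the aliyun CLI to call the DAS plugin's get-yao-chi-agent API for diagnostics and analysis.
Architecture: Aliyun CLI → DAS plugin (Signature V3) → get-yao-chi-agent API → PolarDB intelligent diagnostics
Supported capabilities
| Capability | Description |
|---|---|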
| ... | ... |
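Installation
Pre-check: Aliyun CLI >= 3.3.1 is required
... (kept as in the original; example only)
... (other parts kept as in the original; only the headings and brief descriptions were translated)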