Alibaba adds security to Nacos 3.2

Alibaba Cloud’s Nacos 3.2 update adds a private registry for artificial intelligence agent “skills,” with tighter access controls and audit records aimed at production use. (alibabacloud.com) Nacos is an open-source platform Alibaba uses for service discovery and configuration management, and its official site now describes version 3.2.0 as adding artificial intelligence registry features for prompts, Model Context Protocol services, and agent workflows. (nacos.io) In Nacos, a “skill” is a packaged set of instructions and files that an agent can load to perform a repeatable task, like a reusable playbook for a chatbot or software assistant. The Nacos documentation says the Skill Registry, introduced in version 3.2.0, handles creation, versioning, review, publishing, and distribution from one place. (nacos.io) Alibaba Cloud said the registry is built as a private repository for teams and organizations, rather than a public marketplace. The company said that setup lets enterprises store, review, and share skills internally before agents use them in live systems. (alibabacloud.com) The security pitch is straightforward: decide who can see a skill, who can edit it, and who can publish it. Nacos’ April 2 post says version 3.2 uses role-based access control, namespace isolation between teams or environments, and per-skill visibility settings. (nacos.io) The software also keeps records of what happened to a skill over time. Nacos said the audit trail covers uploads, review decisions, publication records, and which agents called which version, creating what it described as a full lifecycle trace. (nacos.io) That focus follows a broader concern in enterprise artificial intelligence: prompts, tools, and agent workflows are turning into managed assets, not just code snippets. Alibaba Cloud said the registry is meant to give companies a governance layer between agents and the skills they consume. (alibabacloud.com) Nacos also says the registry includes a built-in security review pipeline that scans for more than 10 common risks before publication. Its April 2 post says a skill that fails review is blocked from release under a “no pass, no publish” rule. (nacos.io) The company tied that design to risks in public skill hubs. In a March 13 post, Alibaba Cloud cited external research on sampled OpenClaw skills and said enterprises need private controls to screen for prompt injection, secret leaks, and other defects before reuse. (alibabacloud.com) Alibaba’s open-source repository shows the work is still moving quickly after the main release. A 3.2.1 snapshot published on April 3, 2026 listed fixes for artificial intelligence module stability, trace logging, console issues, and an option for administrators to force-publish skills. (github.com) The immediate result is less about adding another agent feature than about putting paperwork and permissions around one. Nacos 3.2 turns skills into governed inventory, with logs and access rules attached before they reach production agents. (alibabacloud.com)