alibabacloud-agentbay-aio-skills

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of Python, JavaScript, R, and Java code within a remote Alibaba Cloud AgentBay sandbox using the official wuying-agentbay-sdk. This design ensures that untrusted user-provided code is isolated from the local environment.
  • [COMMAND_EXECUTION]: The provided scripts/run_code.py script serves as a local wrapper to manage remote sandbox sessions. It includes instructions to add font configuration and system dependencies via apt-get specifically within the remote sandbox environment.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with legitimate Alibaba Cloud service endpoints, such as agentbay.aliyuncs.com and mirrors.aliyun.com, for API requests and package management within the sandbox.
  • [CREDENTIALS_UNSAFE]: The script manages service authentication by reading an API key from a standard local configuration path (~/.config/agentbay/api_key). The instructions emphasize protecting this key from exposure in conversational outputs.
  • [DATA_EXFILTRATION]: User-specified code files are transmitted to the remote sandbox for processing. The script implements a robust security check using os.path.realpath to ensure that local file access is strictly confined to the current working directory, effectively preventing directory traversal attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 02:52 AM