alibabacloud-alinux-sysom-inspection

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides the osops.sh script which executes a Python-based CLI (sysom_cli) to interact with Alibaba Cloud services. These commands are limited to legitimate infrastructure management tasks such as triggering system inspections and requesting diagnostic reports.
  • [EXTERNAL_DOWNLOADS]: The init.sh setup script installs required Python dependencies from the official PyPI registry, specifically requests and Alibaba Cloud's own SDK libraries (alibabacloud-tea-openapi, alibabacloud-tea-util).
  • [DATA_EXFILTRATION]: The code in scripts/sysom_cli/lib/auth.py contains logic to resolve Alibaba Cloud credentials. It checks environment variables, the standard local configuration file (~/.aliyun/config.json), and the ECS metadata service (100.100.100.200). This behavior is standard and necessary for authenticating with cloud APIs and does not constitute unauthorized data exposure.
  • [REMOTE_CODE_EXECUTION]: While the skill can initiate the installation of the SysOM agent on a target ECS instance via the InstallAgentWithType API call, this is the primary stated purpose of the skill and includes a safeguard that requires interactive user confirmation when run in a TTY environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 09:56 AM
Security Audit — agent-trust-hub — alibabacloud-alinux-sysom-inspection