alibabacloud-cfw-acl-diagnosis
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust 'read-only' privilege model, explicitly forbidding any Create, Update, or Delete API calls. It includes mandatory self-checks to prevent accidental file writing or command execution that could modify the environment.
- [SAFE]: Security-sensitive CLI commands such as
aliyun configure getandaliyun configure listare strictly prohibited to prevent the exposure of AccessKey credentials. The skill relies on the standard system-provided credential chain. - [EXTERNAL_DOWNLOADS]: The skill mentions the installation of the
aliyun-cli-cloudfwplugin viaaliyun plugin install. As the skill is authored by 'aliyun' and uses the official vendor CLI to install its own plugin, this is considered a legitimate and safe administrative operation within the vendor ecosystem. - [COMMAND_EXECUTION]: All executed commands are read-only Alibaba Cloud service queries (
describe-*,get-logs-v2,lookup-events). These are standard diagnostic operations required for the skill's stated purpose of firewall troubleshooting. - [SAFE]: The observability requirements (User-Agent with UUID session IDs) follow industry best practices for tracing diagnostic workflows without compromising security.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized data exfiltration patterns were detected in the instructions or reference materials.
Audit Metadata