alibabacloud-cfw-acl-diagnosis

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust 'read-only' privilege model, explicitly forbidding any Create, Update, or Delete API calls. It includes mandatory self-checks to prevent accidental file writing or command execution that could modify the environment.
  • [SAFE]: Security-sensitive CLI commands such as aliyun configure get and aliyun configure list are strictly prohibited to prevent the exposure of AccessKey credentials. The skill relies on the standard system-provided credential chain.
  • [EXTERNAL_DOWNLOADS]: The skill mentions the installation of the aliyun-cli-cloudfw plugin via aliyun plugin install. As the skill is authored by 'aliyun' and uses the official vendor CLI to install its own plugin, this is considered a legitimate and safe administrative operation within the vendor ecosystem.
  • [COMMAND_EXECUTION]: All executed commands are read-only Alibaba Cloud service queries (describe-*, get-logs-v2, lookup-events). These are standard diagnostic operations required for the skill's stated purpose of firewall troubleshooting.
  • [SAFE]: The observability requirements (User-Agent with UUID session IDs) follow industry best practices for tracing diagnostic workflows without compromising security.
  • [SAFE]: No obfuscation, persistence mechanisms, or unauthorized data exfiltration patterns were detected in the instructions or reference materials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 07:10 AM
Security Audit — agent-trust-hub — alibabacloud-cfw-acl-diagnosis