alibabacloud-cms-manage
Audited by Snyk on Jun 16, 2026
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and renders/executes remote onboarding code at runtime — e.g. it calls
aliyun cms2 integration addon getto retrieve addon code templates that are rendered into instructions, it instructs downloading agent binaries from URLs like "http://arms-apm-{regionId}.oss-{regionId}.aliyuncs.com/.../AliyunJavaAgent.zip" (wget + unzip), and it even documents installer patterns that run remote scripts such ascurl -fsSL ... | bash, all of which are runtime external dependencies that can execute remote code or directly control agent instructions.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the skill text for literal high-entropy credentials. I found a concrete token in the example apm configuration response:
- In references/apm.md (Step 3 — "Example real response") the JSON contains: "entryPointInfo": { "authToken": "awy7aw18hz@26*44b70", ... }
This value is a non-placeholder, random-looking token that the document even maps to LicenseKey / authToken and calls it sensitive ("Agent authentication token (sensitive)"). Therefore it meets the definition of a secret (high-entropy credential that grants reporting access).
Ignored items / why not flagged:
- service identifiers like "pid": "awy7aw18hz@9269550ea2c2be0" and "serviceId": "awy7aw18hz@645ab0bc177a46e87c7f1" are resource IDs/identifiers, not authentication secrets — not flagged.
- workspace names, requestId, endpoints, and account/workspace numeric IDs are not secrets.
- All placeholder patterns ({LicenseKey}, {workspace}, YOUR_API_KEY, etc.) and env var names are intentionally ignored per the rules.
Conclusion: there is an actual credential-like token present in the example response (entryPointInfo.authToken), so this counts as a real secret exposure in the document.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (3)
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).