alibabacloud-cms-manage

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and renders/executes remote onboarding code at runtime — e.g. it calls aliyun cms2 integration addon get to retrieve addon code templates that are rendered into instructions, it instructs downloading agent binaries from URLs like "http://arms-apm-{regionId}.oss-{regionId}.aliyuncs.com/.../AliyunJavaAgent.zip" (wget + unzip), and it even documents installer patterns that run remote scripts such as curl -fsSL ... | bash, all of which are runtime external dependencies that can execute remote code or directly control agent instructions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill text for literal high-entropy credentials. I found a concrete token in the example apm configuration response:
  • In references/apm.md (Step 3 — "Example real response") the JSON contains: "entryPointInfo": { "authToken": "awy7aw18hz@26*44b70", ... }

This value is a non-placeholder, random-looking token that the document even maps to LicenseKey / authToken and calls it sensitive ("Agent authentication token (sensitive)"). Therefore it meets the definition of a secret (high-entropy credential that grants reporting access).

Ignored items / why not flagged:

  • service identifiers like "pid": "awy7aw18hz@9269550ea2c2be0" and "serviceId": "awy7aw18hz@645ab0bc177a46e87c7f1" are resource IDs/identifiers, not authentication secrets — not flagged.
  • workspace names, requestId, endpoints, and account/workspace numeric IDs are not secrets.
  • All placeholder patterns ({LicenseKey}, {workspace}, YOUR_API_KEY, etc.) and env var names are intentionally ignored per the rules.

Conclusion: there is an actual credential-like token present in the example response (entryPointInfo.authToken), so this counts as a real secret exposure in the document.


MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 02:58 AM
Issues
3
Security Audit — snyk — alibabacloud-cms-manage