alibabacloud-ddos-native-intercept-query

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to install or update the Aliyun CLI using a piped shell script: curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash. While this is a remote code execution pattern, the source is the official Alibaba Cloud CDN, making it a standard installation method for the vendor's tooling.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs Aliyun CLI plugins (aliyun-cli-ddosbgp, aliyun-cli-antiddos-public) from official Alibaba Cloud repositories using the aliyun plugin install command.
  • [COMMAND_EXECUTION]: The skill executes various Aliyun CLI commands (ddosbgp, antiddos-public) to fetch instance information, intercept records, and policy configurations. All commands are limited to read-only actions (Describe*, List*).
  • [SAFE]: The skill implements strong security practices, including explicit instructions to never read or echo sensitive credentials (AK/SK) and a mandatory refusal pattern for any write operations, ensuring the agent operates within a strictly read-only scope.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:27 PM
Security Audit — agent-trust-hub — alibabacloud-ddos-native-intercept-query