alibabacloud-ecs-code-deploy

Warn

Audited by Socket on May 29, 2026

2 alerts found:

Anomalyx2
AnomalyLOW
references/script-templates.md

This module is primarily a deployment/bootstrapping template rather than a standalone malware payload. It extracts and then executes an uploaded ZIP artifact, and it launches an externally provided `{START_CMD}` with no allowlisting—so compromise is most likely via untrusted artifact contents and dependency/install hooks or via unsafe runtime bootstrap (notably the Node `curl | bash` pattern). Composer/Go installer checks mitigate some integrity risks for those specific steps. Overall, no direct malicious behavior is evident in the fragment itself, but the supply-chain and integrity risk is moderate due to untrusted extraction + arbitrary command execution and high-risk installer patterns.

Confidence: 66%Severity: 62%
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is largely coherent with its stated Alibaba Cloud ECS deployment purpose and uses official Alibaba tooling, so it does not look malicious. However, it still carries medium risk because it can install software via mutable official installers, process untrusted repos/READMEs, and perform autonomous real-world cloud deployment actions that may create costs or affect existing ECS workloads.

Confidence: 86%Severity: 56%
Audit Metadata
Analyzed At
May 29, 2026, 07:54 AM
Package URL
pkg:socket/skills-sh/aliyun%2Falibabacloud-aiops-skills%2Falibabacloud-ecs-code-deploy%2F@b1e35f012b1ef1bde0def8f495aaadd313121a9c
Security Audit — socket — alibabacloud-ecs-code-deploy