alibabacloud-ecs-code-deploy
Audited by Socket on May 29, 2026
2 alerts found:
Anomalyx2This module is primarily a deployment/bootstrapping template rather than a standalone malware payload. It extracts and then executes an uploaded ZIP artifact, and it launches an externally provided `{START_CMD}` with no allowlisting—so compromise is most likely via untrusted artifact contents and dependency/install hooks or via unsafe runtime bootstrap (notably the Node `curl | bash` pattern). Composer/Go installer checks mitigate some integrity risks for those specific steps. Overall, no direct malicious behavior is evident in the fragment itself, but the supply-chain and integrity risk is moderate due to untrusted extraction + arbitrary command execution and high-risk installer patterns.
SUSPICIOUS: the skill is largely coherent with its stated Alibaba Cloud ECS deployment purpose and uses official Alibaba tooling, so it does not look malicious. However, it still carries medium risk because it can install software via mutable official installers, process untrusted repos/READMEs, and perform autonomous real-world cloud deployment actions that may create costs or affect existing ECS workloads.