alibabacloud-emr-starrocks-assistant
Warn
Audited by Socket on May 29, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is largely coherent with its stated StarRocks ops purpose and uses direct FE connections rather than off-platform proxies, but it relies on bundled/private CLI tooling that is not publicly verifiable and stores credentials locally. The biggest security concern is credential/query handling through unverifiable local tooling plus explicit no-TLS connections; this raises security risk even though the behavior is not clearly malicious.
Confidence: 83%Severity: 58%
Audit Metadata