alibabacloud-finops-inspect
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs only read-only inspections of Alibaba Cloud resources (ECS, RDS, VPC, SLB, etc.) to detect idle or low-utilization instances, adhering to the principle of least privilege.
- [SAFE]: It utilizes official Alibaba Cloud Python SDKs for all API interactions, ensuring authenticated and traceable communication with vendor infrastructure.
- [SAFE]: A mandatory Human-In-The-Loop (HITL) protocol is implemented, requiring the agent to confirm CLI parameters with the user before executing the inspection script.
- [SAFE]: Credential management relies on the standard
alibabacloud-credentialschain, which securely loads access keys from environment variables or existing CLI configurations without hardcoding or persistent logging. - [SAFE]: All network requests target official Alibaba Cloud API endpoints (
aliyuncs.com), which are legitimate resources for the skill's author (aliyun). - [SAFE]: The skill provides detailed documentation for RAM policies, encouraging users to grant only the specific read-only permissions required for operation.
- [SAFE]: The execution is restricted to a single entry point (a provided Python script), preventing the agent from executing arbitrary or unvetted commands.
Audit Metadata