alibabacloud-finops-inspect

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs only read-only inspections of Alibaba Cloud resources (ECS, RDS, VPC, SLB, etc.) to detect idle or low-utilization instances, adhering to the principle of least privilege.
  • [SAFE]: It utilizes official Alibaba Cloud Python SDKs for all API interactions, ensuring authenticated and traceable communication with vendor infrastructure.
  • [SAFE]: A mandatory Human-In-The-Loop (HITL) protocol is implemented, requiring the agent to confirm CLI parameters with the user before executing the inspection script.
  • [SAFE]: Credential management relies on the standard alibabacloud-credentials chain, which securely loads access keys from environment variables or existing CLI configurations without hardcoding or persistent logging.
  • [SAFE]: All network requests target official Alibaba Cloud API endpoints (aliyuncs.com), which are legitimate resources for the skill's author (aliyun).
  • [SAFE]: The skill provides detailed documentation for RAM policies, encouraging users to grant only the specific read-only permissions required for operation.
  • [SAFE]: The execution is restricted to a single entry point (a provided Python script), preventing the agent from executing arbitrary or unvetted commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 06:45 AM
Security Audit — agent-trust-hub — alibabacloud-finops-inspect