alibabacloud-finops-inspect

Warn

Audited by Socket on Jun 30, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The stated purpose, requested read-only Alibaba permissions, and direct official API usage are broadly coherent for a FinOps inspection skill, so there is no strong evidence of malware or credential theft. The main risk is execution trust: the mandatory local script and its Python dependencies were not provided, so the actual code handling Alibaba credentials and API calls is unverifiable from the supplied material.

Confidence: 85%Severity: 58%
Audit Metadata
Analyzed At
Jun 30, 2026, 06:48 AM
Package URL
pkg:socket/skills-sh/aliyun%2Falibabacloud-aiops-skills%2Falibabacloud-finops-inspect%2F@65131a355f9cca974ae4106f37e4de38380abb7b616b80325d90cec90766f057
Security Audit — socket — alibabacloud-finops-inspect