alibabacloud-pai-node-management

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via the aliyun CLI to perform cloud resource management. It includes strict instructions for parameter formatting (CSV vs space-separated) and backend-enforced validation rules.
  • [SAFE]: Implements a mandatory 'CONFIRM-NODE-OP <NODE_ID>' two-step confirmation protocol for all state-mutating operations (cordon, uncordon, drain). This prevents accidental or unauthorized modifications by requiring an explicit user token matching a pre-calculated plan.
  • [SAFE]: Includes comprehensive out-of-scope refusal patterns that prohibit the agent from suggesting or echoing unauthorized access methods, such as direct SSH login, kubectl commands, or ECS instance-level power management. These are documented as platform-managed black boxes.
  • [SAFE]: Enforces audit observability by requiring a unique session-id and a mandatory --user-agent flag for every business API invocation through the CLI.
  • [SAFE]: All tool installations and updates referenced in the documentation target official vendor repositories (github.com/aliyun/aliyun-cli) and domains (aliyun.com), adhering to trusted source guidelines.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:27 PM
Security Audit — agent-trust-hub — alibabacloud-pai-node-management