alibabacloud-pds-intelligent-workspace

Fail

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the Aliyun CLI by piping a remote shell script from the vendor's official CDN directly into the bash interpreter (curl -fsSL ... | bash in SKILL.md).
  • [EXTERNAL_DOWNLOADS]: Binaries and installation packages for the Aliyun CLI and the Mount App plugin are downloaded from vendor-controlled domains such as alicdn.com and aliyunpds.com.
  • [PERSISTENCE_MECHANISMS]: To ensure the PDS drive remains mounted after system restarts, the skill configures persistent services using Windows Scheduled Tasks (Register-ScheduledTask) and macOS Launch Agents (launchd) as described in references/mountapp.md.
  • [PRIVILEGE_ESCALATION]: The skill uses sudo (Linux/macOS) and RunAs (Windows) to install file system drivers (Dokan and macFUSE) and to move command-line tools into system directories.
  • [COMMAND_EXECUTION]: The Python script scripts/pds_poll_processor.py invokes the aliyun command-line tool using the subprocess.run function to poll for the status of document and video analysis tasks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://aliyuncli.alicdn.com/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 15, 2026, 08:44 AM