alibabacloud-polardb-mysql-inspection

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Aliyun CLI and necessary service plugins (PolarDB, DAS, CloudMonitor) from official Alibaba Cloud domains (aliyuncli.alicdn.com).
  • [REMOTE_CODE_EXECUTION]: Includes the official installation command for the Aliyun CLI, which uses a piped shell script (curl | bash). This is a documented method provided by the vendor.
  • [COMMAND_EXECUTION]: Orchestrates database inspection by executing Aliyun CLI commands through Python's subprocess module. Arguments are passed as lists to prevent shell injection, and execution is restricted to a read-only allowlist of API actions.
  • [SAFE]: Implements a dedicated shell hook (scripts/check-write-operation.sh) that monitors tool calls and blocks any attempt to perform write operations, direct database connections, or client installations, ensuring the skill remains read-only.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 06:31 AM
Security Audit — agent-trust-hub — alibabacloud-polardb-mysql-inspection