alibabacloud-polardb-mysql-inspection
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the Aliyun CLI and necessary service plugins (PolarDB, DAS, CloudMonitor) from official Alibaba Cloud domains (
aliyuncli.alicdn.com). - [REMOTE_CODE_EXECUTION]: Includes the official installation command for the Aliyun CLI, which uses a piped shell script (
curl | bash). This is a documented method provided by the vendor. - [COMMAND_EXECUTION]: Orchestrates database inspection by executing Aliyun CLI commands through Python's
subprocessmodule. Arguments are passed as lists to prevent shell injection, and execution is restricted to a read-only allowlist of API actions. - [SAFE]: Implements a dedicated shell hook (
scripts/check-write-operation.sh) that monitors tool calls and blocks any attempt to perform write operations, direct database connections, or client installations, ensuring the skill remains read-only.
Audit Metadata