alibabacloud-sas-install-agent

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes the Aliyun CLI installation script from aliyuncli.alicdn.com/setup.sh and security agent installation scripts from aegis.alicdn.com and update2.aegis.aliyun.com. These resources originate from the vendor's official distribution and update infrastructure.
  • [COMMAND_EXECUTION]: Employs the aliyun CLI to perform management tasks such as querying asset status, binding authorizations, and triggering security scans. A strict policy is enforced where all write operations require detailed disclosure and explicit user confirmation before execution.
  • [EXTERNAL_DOWNLOADS]: Downloads necessary binaries and configuration files from vendor-controlled domains (aliyun.com and alicdn.com) to facilitate CLI setup and agent deployment.
  • [SAFE]: The skill demonstrates security awareness by explicitly prohibiting the display or printing of sensitive credentials (AccessKey/SecretKey) and following the principle of least privilege for automated tasks. It also handles internal sensitive fields like MergedVersion by stripping them from any user-facing output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:28 PM
Security Audit — agent-trust-hub — alibabacloud-sas-install-agent