alibabacloud-sas-malware-detection

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions include a command to fetch and execute a setup script (https://aliyuncli.alicdn.com/setup.sh) via a pipe to bash. This script originates from the vendor's official content delivery network and is used to manage the Aliyun CLI environment.- [EXTERNAL_DOWNLOADS]: The skill downloads installation binaries and scripts from the vendor's infrastructure and uploads local files to Alibaba Cloud Object Storage Service (OSS) for the purpose of malware detection.- [COMMAND_EXECUTION]: The provided bash script (scripts/malware_scan.sh) executes local system commands including find, md5sum, jq, and the aliyun CLI to process files and directories based on user-provided paths.- [DATA_EXFILTRATION]: In accordance with its primary function, the skill transmits local file data to Alibaba Cloud Security Center (SAS) for virus scanning. The transmission is directed to the vendor's authenticated API and storage endpoints.- [CREDENTIALS_UNSAFE]: The skill documentation includes explicit security protocols that forbid the direct input or display of Access Key credentials within the session, directing users to utilize official configuration profiles for authentication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:27 PM
Security Audit — agent-trust-hub — alibabacloud-sas-malware-detection