alibabacloud-sysom-diagnosis
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches installation and setup scripts from official and well-known sources. Specifically, it downloads the
uvtool fromastral.shand updates the Alibaba Cloud CLI viaaliyuncli.alicdn.comduring initialization and maintenance. These downloads are performed usingcurlpiped to shell execution as part of standard environment setup. - [COMMAND_EXECUTION]: The skill executes local system utilities and diagnostic commands to collect metrics. This includes using
subprocess.run()to invokeps,dmesg,journalctl, andaliyunCLI commands. These operations are restricted to the intended purpose of system diagnostics and are handled within thesysom_cliPython framework. - [DATA_EXFILTRATION]: The skill communicates with official Alibaba Cloud SysOM endpoints (e.g.,
sysom.cn-hangzhou.aliyuncs.com) to perform remote diagnostics. It also accesses the local ECS Metadata Service (100.100.100.200) to retrieve instance identifiers for automated configuration. There is no evidence of data being transmitted to unauthorized or third-party destinations. - [CREDENTIALS_UNSAFE]: The skill adheres to security best practices for credential handling. It uses the official
~/.aliyun/config.jsonconfiguration and environment variables for authentication. The instructions explicitly prohibit the agent from requesting or accepting AccessKeys or Secrets within the chat interface, directing users instead to a secure local configuration command (osops configure).
Audit Metadata