alibabacloud-sysom-diagnosis

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation and setup scripts from official and well-known sources. Specifically, it downloads the uv tool from astral.sh and updates the Alibaba Cloud CLI via aliyuncli.alicdn.com during initialization and maintenance. These downloads are performed using curl piped to shell execution as part of standard environment setup.
  • [COMMAND_EXECUTION]: The skill executes local system utilities and diagnostic commands to collect metrics. This includes using subprocess.run() to invoke ps, dmesg, journalctl, and aliyun CLI commands. These operations are restricted to the intended purpose of system diagnostics and are handled within the sysom_cli Python framework.
  • [DATA_EXFILTRATION]: The skill communicates with official Alibaba Cloud SysOM endpoints (e.g., sysom.cn-hangzhou.aliyuncs.com) to perform remote diagnostics. It also accesses the local ECS Metadata Service (100.100.100.200) to retrieve instance identifiers for automated configuration. There is no evidence of data being transmitted to unauthorized or third-party destinations.
  • [CREDENTIALS_UNSAFE]: The skill adheres to security best practices for credential handling. It uses the official ~/.aliyun/config.json configuration and environment variables for authentication. The instructions explicitly prohibit the agent from requesting or accepting AccessKeys or Secrets within the chat interface, directing users instead to a secure local configuration command (osops configure).
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:01 PM
Security Audit — agent-trust-hub — alibabacloud-sysom-diagnosis