alibabacloud-tech-solution-animation-creation-auto-deploy

SUSPICIOUS: The skill is broadly aligned with its stated Alibaba Cloud deployment purpose and uses official Alibaba tooling/endpoints, so it is not overtly malicious. However, it carries meaningful security risk from auto-installing/updating CLI plugins, automatically creating billable resources and API keys, exposing the generated API key in shell/output, and invoking another skill for permission handling.

This module is an automation script that creates cloud credentials (workspace + API key). While there is no clear malicious payload logic in the snippet, it has a high security risk because it exports the API key into the environment and also echoes the API key (and ID) to stdout, which commonly results in persistent log/CI exposure. The behavior should be reviewed and remediated (e.g., do not print secrets; use secret stores/masking; add explicit user/CI gating; avoid suppressing errors where it affects control flow).