alibabacloud-waf-protectionconfig-backup

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation guide includes a pattern to install the Aliyun CLI using curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash. This executes a remote script directly in the shell. As the domain alicdn.com is a legitimate resource for the vendor aliyun, this is documented as standard installation behavior.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the CLI setup script from https://aliyuncli.alicdn.com/setup.sh and requires the installation of the openpyxl Python package for generating Excel reports.
  • [COMMAND_EXECUTION]: The skill relies on the aliyun CLI for all cloud interactions and uses python3 -c to perform data processing and file generation tasks locally.
  • [CREDENTIALS_UNSAFE]: The skill implements strict internal safety rules for the agent, explicitly prohibiting the reading, printing, or inputting of Access Key/Secret Key values. It directs users to manage credentials through secure, out-of-band CLI configuration methods.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:27 PM
Security Audit — agent-trust-hub — alibabacloud-waf-protectionconfig-backup