alibabacloud-waf-rule-management

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes aliyun CLI commands (e.g., aliyun waf-openapi, aliyun sls get-logs-v2) to query WAF configuration and traffic logs. This is consistent with its primary function as a diagnostic tool.
  • [COMMAND_EXECUTION]: The skill invokes a local script scripts/rule_matcher.py to analyze WAF rules against log data. The script is self-contained and focuses on pattern matching without performing dangerous system operations.
  • [EXTERNAL_DOWNLOADS]: Documentation within the skill guides the user to install the aliyun CLI and aliyun-log-cli from official Alibaba Cloud domains (aliyuncli.alicdn.com) if they are not already present. This follows security best practices by requiring manual user installation of prerequisites.
  • [SAFE]: The skill contains extensive 'Absolute Prohibitions' that prevent the AI agent from performing configuration changes, generating scripts, or accessing sensitive credential files (~/.aliyun/config.json).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 08:29 AM
Security Audit — agent-trust-hub — alibabacloud-waf-rule-management