alibabacloud-waf-rule-management
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
aliyunCLI commands (e.g.,aliyun waf-openapi,aliyun sls get-logs-v2) to query WAF configuration and traffic logs. This is consistent with its primary function as a diagnostic tool. - [COMMAND_EXECUTION]: The skill invokes a local script
scripts/rule_matcher.pyto analyze WAF rules against log data. The script is self-contained and focuses on pattern matching without performing dangerous system operations. - [EXTERNAL_DOWNLOADS]: Documentation within the skill guides the user to install the
aliyunCLI andaliyun-log-clifrom official Alibaba Cloud domains (aliyuncli.alicdn.com) if they are not already present. This follows security best practices by requiring manual user installation of prerequisites. - [SAFE]: The skill contains extensive 'Absolute Prohibitions' that prevent the AI agent from performing configuration changes, generating scripts, or accessing sensitive credential files (
~/.aliyun/config.json).
Audit Metadata