alibabacloud-devops

Warn

Audited by Socket on Jun 25, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

该 Skill 的能力与“阿里云云效 DevOps MCP Server”定位基本一致,未见明显越权读取本地敏感文件或将数据路由到可疑外部端点,整体不像恶意技能。但它依赖未固定版本的 npm 即时执行,并把高权限云效令牌转发给第三方 CLI/服务器进程链,同时支持部署与流水线等高影响操作,因此应判为可疑偏高风险而非恶意。

Confidence: 89%Severity: 66%
Audit Metadata
Analyzed At
Jun 25, 2026, 08:35 AM
Package URL
pkg:socket/skills-sh/aliyun%2Falibabacloud-devops-mcp-server%2Falibabacloud-devops%2F@1c9a3a7de3261afab1fa8f90e9de1dc9fe2aae49ba832735be5143067f36fa48
Security Audit — socket — alibabacloud-devops