hologres-cli
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a command-line interface for database management. It includes extensive safety features such as a mandatory
--writeflag for any data-modifying operations and a block onUPDATE/DELETEstatements that lack aWHEREclause. - [CREDENTIALS_UNSAFE]: While the skill manages authentication for database and OSS access (e.g.,
hologres volume create), it does so through standard profile-based configuration stored locally in~/.hologres/config.json. There are no hardcoded secrets or evidence of credential harvesting. - [DATA_EXFILTRATION]: The skill facilitates data movement between Hologres and Alibaba Cloud OSS (Object Storage Service). These operations are part of the core functionality for data import/export and are directed at the user's own cloud infrastructure. No unauthorized data transmission to third-party domains was detected.
- [DYNAMIC_EXECUTION]: The test suite (
tests/test_skill_completeness.py) utilizesimportlib.import_module()to dynamically inspect the CLI codebase. This is used solely to verify that the documentation remains consistent with the actual source code and does not represent a runtime risk for the agent. - [EXTERNAL_DOWNLOADS]: The skill references the
hologres-clipackage, which is hosted on a vendor-owned registry. These references are consistent with standard installation procedures for developer tools.
Audit Metadata