external-gitcode-ascend-verl-feature-deploy
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `docker run` with the `--privileged` flag and mounts several sensitive host paths, including `/dev/davinci*` (NPU devices), `/usr/local/Ascend` (driver/toolkit paths), and `/home`. These high-privilege settings are a functional requirement for enabling NPU acceleration and distributed training within containers.
- [COMMAND_EXECUTION]: Multiple files (`assets/start_template.sh`, `references/ops-commands.md`, `references/troubleshooting.md`) contain commands to terminate processes (`pkill -9 python`, `ray stop --force`) and remove temporary files (`rm -rf /tmp/ray`). In the context of ML operations, these are standard cleanup and recovery procedures used to reset the environment for new training runs.
- [EXTERNAL_DOWNLOADS]: The skill pulls Docker images from `quay.io/ascend/verl` and installs the `swanlab` Python package. These downloads originate from well-known registries and are directly related to the skill's primary purpose of model training and monitoring.
- [CREDENTIALS_UNSAFE]: The skill prompts the user for a SwanLab API Key. This credential is used for a legitimate login operation via the official SwanLab CLI (`swanlab login`) and is stored in the service's default configuration directory (`~/.swanlab/`). The handling of the key follows standard practices for this integration.
Audit Metadata