byted-emr-skills

该技能整体与“Volcengine EMR 管理/诊断”目的基本一致，数据流也指向官方 API 体系，未见明显凭证转发到第三方或明确恶意行为。主要问题是权限面很广、可执行高影响云运维操作，且 SDK 安装依赖本地脚本与未充分校验来源的 wheel，因而更适合判定为可疑/中等风险而非恶意。

The script is simple but leverages a local wheel for installation, which introduces supply-chain and runtime risks. The absence of integrity checks, lack of input/path validation, and a potentially misnamed wheel file increase risk of inadvertent or malicious installations. This pattern is acceptable only with strong provenance controls and isolated builds.