huawei-cloud-ecs-alert

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Several scripts, including scripts/create_alert_rules.sh, scripts/list_alarms.sh, and scripts/list_ecs.sh, utilize the eval command to execute shell strings constructed with variables derived from input arguments (e.g., ECS IDs, alarm names, filters). This pattern is a significant security risk as it allows for arbitrary command injection if the input parameters are not rigorously sanitized or escaped before being evaluated.
  • [EXTERNAL_DOWNLOADS]: Documentation in references/common-commands.md and references/troubleshooting.md recommends installing the Huawei Cloud CLI (KooCLI) by downloading a remote script and running it directly with bash: curl -o hcloud_install.sh https://hwcloudcli.obs.cn-north-4.myhuaweicloud.com/cli/latest/hcloud_install.sh && bash hcloud_install.sh. While the source domain belongs to the vendor, this method bypasses standard package management security features and is considered a risky practice.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 17, 2026, 09:10 AM