huawei-cloud-flexus-l-deploy-jiuwenswarm
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs system dependencies and application packages from established sources, including the official Ubuntu repositories, NodeSource (for Node.js), and PyPI (utilizing well-known mirrors like Aliyun).
- [REMOTE_CODE_EXECUTION]: Automated scripts include the installation of Node.js 18.x using a piped-to-bash command from
deb.nodesource.com. This is a recognized and standard distribution method for Node.js from a well-known service provider. - [COMMAND_EXECUTION]: The skill relies on Huawei Cloud Cloud Operation Center (COC) to remotely execute orchestration and configuration scripts on the user's cloud instances. This is the intended and transparent mechanism for the skill's deployment functionality.
- [CREDENTIALS_UNSAFE]: Huawei Cloud credentials (AK/SK and STS tokens) are handled via environment variables as per standard security practices. The skill includes explicit instructions to avoid sharing these credentials in the chat interface.
- [DYNAMIC_EXECUTION]: The
prepare_env.pyscript uses__import__to dynamically check for the presence of required SDK modules in the local environment, which is a benign use of dynamic loading for diagnostic purposes.
Audit Metadata