huawei-cloud-flexus-l-deploy-jiuwenswarm

Warn

Audited by Socket on Jun 26, 2026

2 alerts found:

Anomaly x2

Anomaly: LOW
SKILL.md

SUSPICIOUS. The skill’s capabilities mostly match its cloud deployment purpose and its primary data flows point to official Huawei Cloud services, so there is no strong evidence of malware. However, it enables billable infrastructure creation, remote command execution, and forwarding of multiple sensitive credentials, while key deployment script contents are not visible here; that makes the overall security risk medium.

Confidence: 81%, Severity: 58%

Anomaly: LOW
assets/deploy_script_template.sh

No direct malicious behavior (e.g., backdoor/exfiltration/reverse shell) is evident in the provided shell fragment. However, the script performs high-impact supply-chain and privilege operations: it installs and immediately executes a third-party Python package from a remote mirror without version pinning or hash/signature verification, and it runs the resulting service as `root`. This combination means that if the package artifacts (or mirror) were tampered with, arbitrary code could execute with elevated privileges. Additionally, the generated configuration includes security-weak defaults (placeholder session secret and permissive CORS) that should be hardened before production use.

Confidence: 66%, Severity: 66%

Audit Metadata

Analyzed At: Jun 26, 2026, 07:06 AM
Package URL: pkg:socket/skills-sh/huaweicloud%2Fhuaweicloud-skills%2Fhuawei-cloud-flexus-l-deploy-jiuwenswarm%2F@41905050dc1b22de5fbd269fe3cc8a4e12c16d43540fcc37f2864059f8f93425
Security Audit — socket — huawei-cloud-flexus-l-deploy-jiuwenswarm