Skills
skills/huaweicloud/huaweicloud-skills/huawei-cloud-iam-query/Gen Agent Trust Hub

huawei-cloud-iam-query

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The environment setup script (scripts/ensure_env.py) executes system commands to manage virtual environments and install necessary Python dependencies. This includes invoking package managers such as pip, apt, yum, dnf, and brew. It also utilizes os.execv to restart the script process within a newly created virtual environment.
  • [EXTERNAL_DOWNLOADS]: During environment preparation, the skill may download the get-pip.py utility from trusted sources like pypa.io or huaweicloud.com. It also accesses well-known repository mirrors (e.g., Tsinghua University, Aliyun) to install the required Huawei Cloud SDK packages.
  • [DATA_EXPOSURE]: The skill requires Huawei Cloud credentials (HW_ACCESS_KEY, HW_SECRET_KEY) to be present in environment variables. The scripts access these credentials to authenticate API calls. The SKILL.md file contains explicit instructions to prevent the agent from displaying these sensitive values to the user.
  • [SSL_VERIFICATION_DISABLED]: The configuration script (scripts/config.py) and setup script (scripts/ensure_env.py) disable SSL certificate verification (ignore_ssl_verification = True and ssl._create_unverified_context()). This is intended to avoid connectivity issues in restricted network environments but reduces protection against man-in-the-middle attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:56 PM
Security Audit — agent-trust-hub — huawei-cloud-iam-query