huawei-cloud-maas-tokens-usage
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure credential management practices by explicitly instructing the AI agent to refuse any credentials provided directly in chat and instead guide the user to use environment variables or local configuration files.
- [SAFE]: All network operations are directed towards official Huawei Cloud infrastructure, specifically the IAM and ModelArts endpoints (
*.myhuaweicloud.com). - [SAFE]: The execution logic uses the official
huaweicloudsdkcoresigning library to handle authentication, ensuring requests are properly signed using the HMAC-SHA256 algorithm. - [SAFE]: While the script
scripts/maas_rest_usage_stats.pydisables SSL certificate verification (verify=False), this is identified as a common best-practice violation for internal tooling rather than a malicious pattern. It does not escalate the safety verdict but is noted for transparency.
Audit Metadata