huawei-cloud-storage-query

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands and system processes during its setup and operation.
      • The ensure_env.py script uses subprocess.run to manage virtual environments and install Python dependencies via pip.
      • On Linux systems, ensure_env.py attempts to execute sudo apt install to obtain system-level dependencies such as python3-venv.
      • The skill uses os.execv() in ensure_env.py to replace the current process with the virtual environment's Python interpreter.
  • [EXTERNAL_DOWNLOADS]: The environment preparation logic (ensure_env.py) automatically downloads the get-pip.py script if the pip package manager is missing.
      • Remote downloads are attempted from bootstrap.pypa.io and the vendor's mirror at mirrors.huaweicloud.com.
  • [COMMAND_EXECUTION]: The skill contains configurations that explicitly disable SSL certificate validation for network communications.
      • scripts/config.py and scripts/ensure_env.py both configure the environment to ignore SSL certificate validation (ignore_ssl_verification = True and ssl._create_unverified_context()). This practice prevents the validation of remote server identities and exposes API traffic to potential Man-in-the-Middle (MitM) attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 15, 2026, 11:26 AM