huawei-cloud-terraform-installer
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation file 'references/verification-method.md' contains hardcoded root credentials ('root/Test@123456') and an associated IP address ('1.92.158.126') intended for environment verification.
- [EXTERNAL_DOWNLOADS]: The script 'scripts/install_terraform.py' is designed to download binary archives from HashiCorp's official release domain and Huawei Cloud's mirror infrastructure.
- [COMMAND_EXECUTION]: The skill utilizes 'subprocess.run' to execute commands for verifying the Terraform version and performing provider initialization.
- [COMMAND_EXECUTION]: On Windows systems, the script employs 'shell=True' when calling the 'where' command to locate binary paths.
- [REMOTE_CODE_EXECUTION]: The installation logic involves fetching binary executables from remote servers which are subsequently executed via system calls to confirm successful setup.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.github.com/repos/hashicorp/terraform/releases/latest - DO NOT USE without thorough review
- AI detected serious security threats