huawei-cloud-terraform-installer
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The installer makes runtime network requests to fetch and install executables (remote code)—notably Terraform from https://releases.hashicorp.com/terraform/ (and the Windows fixed link to releases.hashicorp.com) and the Huawei provider from https://mirrors.huaweicloud.com/terraform/registry.terraform.io/...—so these external URLs deliver required binaries that are executed on the host.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly instructs running the installer with elevated privileges (Windows "Run as administrator" and "sudo python3 install_terraform.py"), which encourages the agent/user to perform privileged changes to the host system and thus can compromise machine state.
Issues (2)
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.