codearts-shared

SUSPICIOUS: the skill’s purpose is coherent, but its trust and data-flow model are not. It asks users to install a not-clearly-official CLI, store cloud AK/SK locally, and send requests through a configurable plain-HTTP gateway/IP rather than verifiable official Huawei Cloud HTTPS endpoints. That combination is disproportionate for a shared auth/bootstrap skill and creates significant credential interception risk.