cloudbase

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends setting up the CloudBase MCP server using the @cloudbase/cloudbase-mcp package from the NPM registry. This is an official package from the vendor used to provide management tools to the agent environment.
  • [REMOTE_CODE_EXECUTION]: Capability management is handled via npx commands to run the MCP server and the mcporter tool. This is the intended method for extending the agent's functionality to interact with the CloudBase API.
  • [CREDENTIALS_UNSAFE]: The guidelines explicitly advise against hard-coding secrets like Secret ID or Env ID, recommending interactive device-code authentication instead.
  • [PROMPT_INJECTION]: The skill acts as a controller for cloud operations and uses a structured routing system with validation steps, such as resolving environment aliases to canonical IDs, to ensure requests are handled correctly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 11:03 AM