Skills
skills/2284730142/alibabacloud-devops-mcp-server/yunxiao-devops/Gen Agent Trust Hub

yunxiao-devops

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The documentation in references/pipeline.md describes a 'Smart Creation' feature that executes local shell commands, specifically git config --get remote.origin.url and git branch --show-current, to automate configuration. This provides the agent with a mechanism to interact directly with the host's command line environment.
  • [EXTERNAL_DOWNLOADS]: The executable script scripts/yunxiao-cli/index.mjs attempts to import critical functionality from a ./dist/ directory (e.g., tool-registry, tool-handlers). These files are not included in the skill package, making the core logic of the tool opaque and unverifiable.
  • [CREDENTIALS_UNSAFE]: The skill requires a YUNXIAO_ACCESS_TOKEN for API authentication. The SKILL.md instructions guide users to export this token as an environment variable, which may result in sensitive credentials being exposed in shell histories, environment logs, or to other local processes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 25, 2026, 02:15 AM