Skills
skills/cinience/alicloud-skills/alicloud-compute-swas-open/Gen Agent Trust Hub

alicloud-compute-swas-open

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements remote command execution on Alibaba Cloud instances using the 'Cloud Assistant' (RunCommand API). This is utilized in scripts/fix_ssh_access.py to automate system configuration changes and in scripts/get_ssh_port.py to query remote state.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several official Alibaba Cloud Python SDK packages from PyPI: alibabacloud_swas_open20200601, alibabacloud_tea_openapi, and alibabacloud_credentials.
  • [CREDENTIALS_UNSAFE]: The Python scripts are designed to consume Alibaba Cloud Access Keys and Security Tokens from standard environment variables such as ALICLOUD_ACCESS_KEY_ID.
  • [DATA_EXFILTRATION]: The script scripts/fix_ssh_access.py performs a local file read of the user's sensitive SSH public key file (defaulting to ~/.ssh/id_ed25519.pub) to facilitate remote provisioning.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 10:15 AM