alicloud-media-vod-test
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for a smoke test utility. It is intended to verify that the environment is correctly configured and that the target service is reachable.
- [COMMAND_EXECUTION]: The skill executes
python3 tests/common/compile_skill_scripts.pyto perform an offline validation of the target skill's source code. This is an expected and legitimate use of command execution for testing purposes. - [CREDENTIALS_UNSAFE]: The instructions reference standard Alibaba Cloud environment variables (
ALICLOUD_ACCESS_KEY_ID,ALICLOUD_ACCESS_KEY_SECRET) for authentication. It correctly advises the user to configure these with least privilege and does not contain any hardcoded secrets. - [DATA_EXFILTRATION]: There are no signs of unauthorized network activity. The skill identifies and executes read-only API calls (such as
Describe*orList*) directed only at the official service provider for verification, with no evidence of data being sent to external or untrusted domains.
Audit Metadata