alicloud-network-dns-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an example that passes access-key-id and access-key-secret directly on the CLI (and thus would require substituting user API keys verbatim into commands), which is an insecure secret-handling pattern despite also mentioning environment variables.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation step downloads and installs a remote binary at runtime from https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz which is then executed (aliyun CLI) and is a required dependency, so this URL can directly execute remote code.