aliyun-cdn-manage
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official Alibaba Cloud API endpoints (api.aliyun.com) to fetch metadata for CDN operations. This is a well-known service and the interaction is limited to fetching public documentation.
- [SAFE]: The skill correctly guides the user toward secure credential management by suggesting the use of environment variables (ALICLOUD_ACCESS_KEY_ID, etc.) and STS temporary credentials rather than hardcoding secrets.
- [SAFE]: The workflow incorporates a safety-first approach by instructing the agent to perform read-only queries (Describe* APIs) to validate current state before executing any mutating operations.
- [SAFE]: The Python script 'list_openapi_meta_apis.py' is a utility that fetches and saves API documentation. It uses standard libraries (urllib.request) and does not exhibit any dangerous patterns like arbitrary code execution or unauthorized data exfiltration.
Audit Metadata