aliyun-dns-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit CLI example that passes --access-key-id and --access-key-secret (placeholders /) and instructs configuring credentials, which encourages collecting and embedding secrets verbatim into commands (even though env vars are suggested as preferable).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime install step downloads and installs a remote CLI binary from https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz which is then executed and is required for the skill to operate, so it constitutes a runtime external dependency that executes remote code.