aliyun-oss-ossutil
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the ossutil tool from official Alibaba Cloud URLs (gosspublic.alicdn.com) for Linux and macOS platforms.
- [COMMAND_EXECUTION]: Uses 'sudo' to install the 'unzip' utility and move the ossutil binary to system directories (/usr/local/bin) during the installation process.
- [COMMAND_EXECUTION]: Executes a local Python script (scripts/check_ossutil.py) that invokes the ossutil binary using subprocess.run to verify its version.
- [PROMPT_INJECTION]: Processes data from remote OSS buckets (object names and content), which is an inherent feature of storage management tools but constitutes an indirect ingestion surface.
- Ingestion points: Object listings from 'ossutil ls' and downloaded data from 'ossutil cp'.
- Boundary markers: None present.
- Capability inventory: Shell command execution and file system access.
- Sanitization: None present.
Audit Metadata