Skills
skills/cinience/alicloud-skills/aliyun-swas-manage/Gen Agent Trust Hub

aliyun-swas-manage

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fix_ssh_access.py dynamically constructs a Bash script using Python f-strings with variables like user, port, and pub_key. Because these variables are not sanitized or escaped before being placed into the script template, it is vulnerable to command injection on the target instance if malicious inputs are provided.
  • [COMMAND_EXECUTION]: The skill utilizes the Alibaba Cloud RunCommand API, which allows the execution of arbitrary shell and PowerShell scripts on remote instances with root/administrator privileges.
  • [COMMAND_EXECUTION]: The fix_ssh_access.py script automatically modifies the target instance's /etc/ssh/sshd_config to enable PermitRootLogin yes. This is a significant security configuration change that increases the instance's attack surface.
  • [CREDENTIALS_UNSAFE]: The script scripts/fix_ssh_access.py provides functionality to programmatically add SSH public keys to the authorized_keys file of target instances, facilitating persistent remote access.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 10, 2026, 11:50 AM