spring-cloud-alibaba

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user to download Nacos Server using 'wget https://github.com/alibaba/nacos/releases/download/2.2.0/nacos-server-2.2.0.tar.gz'. Since the 'alibaba' organization is not included in the predefined trusted list, this is considered an untrusted external download.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions to execute 'sh startup.sh' on the extracted contents of a package downloaded from an untrusted source, which is a high-risk remote code execution pattern.
  • [COMMAND_EXECUTION] (MEDIUM): The skill suggests local command execution involving extraction and script running ('tar -xzf', 'sh startup.sh') on data retrieved from the internet.
  • [SAFE] (SAFE): The scanner alert for 'accountService.de' is a false positive. The string occurs within a Java code snippet as 'accountService.deductBalance', where '.de' is a prefix of the method name, not a malicious domain.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:11 PM