aliyun-deploy

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute 'sudo certbot', which involves running system commands with root-level privileges to obtain SSL certificates.
  • [CREDENTIALS_UNSAFE]: The instructions direct the agent to check the project root's '.env' file for 'ALIBABA_CLOUD_ACCESS_KEY_ID' and 'ALIBABA_CLOUD_ACCESS_KEY_SECRET', posing a risk of exposing sensitive cloud credentials to the agent's context.
  • [REMOTE_CODE_EXECUTION]: The skill triggers project build scripts (e.g., 'npm run build') and 'pip install' commands, which execute code that could be maliciously modified within the user's repository or its dependency chain.
  • [EXTERNAL_DOWNLOADS]: The skill suggests the installation of external packages and additional skills from potentially untrusted or third-party registries using 'npx' and 'pip'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 4, 2026, 09:55 AM