Skills
skills/teachingai/agent-skills/spring-cloud-alibaba/Gen Agent Trust Hub

spring-cloud-alibaba

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • EXTERNAL_DOWNLOADS & COMMAND_EXECUTION (HIGH): The skill contains instructions to download a binary archive and execute shell scripts from a non-whitelisted source.
  • Evidence: wget https://github.com/alibaba/nacos/releases/download/2.2.0/nacos-server-2.2.0.tar.gz followed by sh startup.sh in SKILL.md.
  • Trust Status: The alibaba organization is not on the provided list of Trusted GitHub Organizations. Per [TRUST-SCOPE-RULE], this remains a HIGH severity finding.
  • DATA_EXFILTRATION / PHISHING (LOW): Automated scanners flagged a malicious URL within the skill content.
  • Evidence: accountService.de flagged as phishing.
  • Context: The string appears in the Java snippet accountService.deductBalance(...). While this is likely a false positive where the scanner mistook the Java object/method boundary for a domain, the string matches a known malicious domain and could be interpreted as a link by certain UI components or parsers.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:24 AM