Trust Assessment
alibaba-cloud-model-setup received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 22 findings: 11 critical, 9 high, 2 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Arbitrary command execution, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings22
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:81 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:86 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:381 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:382 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:387 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:407 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:433 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:616 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:686 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:692 | |
| CRITICAL | Shell profile path used in `bash -c` leads to command injection The `check_env_var_in_shell` function constructs a shell command `bash -c "source {shell_profile} && ..."` where `{shell_profile}` is directly interpolated from user input (`--shell-profile` argument). A malicious user can inject arbitrary shell commands into the `shell_profile` argument, which will be executed by `bash -c`. For example, providing `--shell-profile '; rm -rf /'` would lead to the execution of `rm -rf /`. Avoid direct interpolation of user-controlled paths into shell commands executed via `bash -c`. If sourcing a profile is necessary, rigorously validate the `shell_profile` path to ensure it's a regular file within expected user directories and does not contain shell metacharacters. Alternatively, consider parsing the profile or using `os.environ` directly if the goal is just to check an environment variable. | LLM | scripts/alibaba_cloud_model_setup.py:170 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'persist_systemd_env'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:381 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'persist_systemd_env'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:382 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_systemd_user_env'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:387 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'detect_systemd_user_service'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:407 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'resolve_systemd_user_service'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:433 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:616 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:686 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:692 | |
| HIGH | Arbitrary file write via user-controlled config and shell profile paths The script allows users to specify arbitrary file paths for the configuration file (`--config`) and the shell profile (`--shell-profile`). The script then performs write operations (creating directories, copying, and writing content) to these user-provided paths. This could lead to overwriting or appending to critical system files outside the user's home directory, resulting in data corruption, denial of service, or system compromise. Implement strict validation for user-provided file paths. Ensure that `--config` and `--shell-profile` arguments resolve to paths within the user's home directory or other explicitly whitelisted, safe locations. Reject any paths that attempt to traverse outside these boundaries (e.g., using `..`). | LLM | scripts/alibaba_cloud_model_setup.py:204 | |
| MEDIUM | Suspicious import: urllib Import of 'urllib' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/extraterrest/alibaba-cloud-model-setup/scripts/alibaba_cloud_model_setup.py:19 | |
| MEDIUM | User-controlled service name in `systemctl restart` command The `write_env_var_to_systemd` function executes `systemctl --user restart <service_name>`, where `<service_name>` is directly taken from user input (`--systemd-service`). While `subprocess.run` with a list of arguments mitigates direct shell injection, a malicious user could specify a service name that points to a controlled or unintended systemd unit file, potentially leading to denial of service (by restarting critical user services) or other undesirable effects within the user's systemd scope. Validate the `service_name` argument against a whitelist of allowed service names (e.g., 'openclaw') or enforce strict naming conventions to prevent the specification of arbitrary or malicious service names. | LLM | scripts/alibaba_cloud_model_setup.py:197 |
Scan History
Embed Code
[](https://skillshield.io/report/a735449cbf1ded80)
Powered by SkillShield