yunxiao-devops
Pass
Audited by VirusTotal on May 10, 2026.
Findings (1)
The skill bundle provides a comprehensive suite for Alibaba Yunxiao DevOps automation but contains a hardcoded Personal Access Token (PAT) and Feishu OpenID in `scripts/mr-action.mjs`, which is a major security vulnerability. Additionally, `scripts/bug-fix-flow.mjs` performs high-risk operations including automated SSH key generation, registration of the public key to the Yunxiao platform, and the execution of AI-generated code via Claude Code. While these features are aligned with the stated purpose and include some safeguards (such as privilege dropping to a non-root user), the combination of leaked credentials and broad system/repository access warrants a suspicious classification.
