Alibabacloud Governance Evaluation Report

Security checks across malware telemetry and agentic risk

Overview

The skill's code and instructions align with its stated purpose (querying Alibaba Cloud Governance Center via the Aliyun CLI), but it writes a local cache and asks you to enable CLI auto-plugin installation—review those side effects and credential use before installing.

This skill appears to do what it says: it talks to Alibaba Cloud Governance Center via the Aliyun CLI and produces structured reports. Before installing or running it:

- Be prepared to authenticate the Aliyun CLI (AK/STSToken/RAM role). Use least-privilege credentials (AliyunGovernanceReadOnlyAccess) and do NOT use root account keys.
- Review and accept the side effects: the SKILL.md asks you to run `aliyun configure set --auto-plugin-install true` (this allows the CLI to download plugins) and the script will create a cache directory at ~/.governance_cache. If you dislike automatic plugin installs, install the governance plugin manually instead.
- The agent will run the python script which invokes `aliyun governance ...` via subprocess; ensure you confirm any profile/metric IDs/filters before the agent executes commands (the skill instructs confirmation, but the agent may run autonomously depending on your agent settings).
- Inspect the cache directory after first run and consider file permissions (cache contains API responses).

If you need higher assurance, run the Python script locally yourself to observe behavior before allowing the agent to use the skill. Confidence is medium because the package has no published homepage/author metadata; exercise usual caution with unknown sources even when functionality is coherent.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
