Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The guide instructs users to pass long-lived access keys directly on the command line and shows them stored in ~/.aliyun/config.json, which can expose secrets through shell history, process inspection, logs, and plaintext local storage. In an agent/automation context, this is more dangerous because commands may be captured in transcripts, CI logs, or tool telemetry.
